Malicious Script Injection in Trivy Compromise Enables Credential Theft

Sat Mar 21 2026

Development

Open Source

Vulnerability

cybersecuritynews.com

A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally. Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month. Threat actors successfully force-pushed 75 out of 76 existing version tags to distribute […] The post Malicious Script Injection in Trivy Compromise Enables Credential Theft appeared first on Cyber Security News.