The Trivy ecosystem has suffered its second major security breach this March, following a supply-chain attack that compromised the official GitHub Action used to run Trivy vulnerability scans in CI/CD pipelines. An attacker with residual credentials from a previous breach successfully force-pushed 75 out of 76 version tags in the aquasecurity/trivy-action repository. These tags were […] The post Trivy Vulnerability Scanner Breached To Inject Credential-Stealing Scripts appeared first on Cyber Security News.