Trivy, a widely used open-source vulnerability scanner, has suffered its second supply chain compromise in a month. Attackers force-pushed malicious code to 75 version tags of the aquasecurity/trivy-action and aquasecurity/setup-trivy repositories. This tag-poisoning technique allowed the threat actor to distribute a Python-based infostealer designed to harvest sensitive CI/CD secrets, including cloud credentials, SSH keys, and Kubernetes tokens.
The incident stems from incomplete containment of a previous attack, where attackers managed to retain access to refreshed tokens. The malware, linked to the "TeamPCP" threat group, exfiltrates data to a typosquatted domain or stages it in public GitHub repositories. Security teams are advised to rotate all pipeline secrets, block the identified C2 infrastructure, and move toward pinning GitHub Actions to specific SHA hashes rather than mutable version tags to prevent similar poisoning attacks.
Top comments (0)