1K+ cloud environments infected following Trivy supply chain attack
ID: 82c1e7c5-db2a-5039-8fb5-f3a35e366c3e
STIX ID: report--82c1e7c5-db2a-5039-8fb5-f3a35e366c3e
Feed Name: The Register (Security)
A widespread supply-chain attack by a group calling itself TeamPCP compromised the Trivy open-source scanner, including the trivy-action and setup-trivy GitHub Actions, pushing malicious releases and container images that deploy secret-stealing malware. Researchers report more than 1,000 affected SaaS/cloud environments, with the potential to expand to thousands more. The same campaign trojanized liteLLM (present in a large share of cloud environments), spread into npm through a worm (CanisterWorm), and included the defacement and exposure of Aqua Security's internal repositories. The attackers are reportedly collaborating with high-profile extortion groups such as Lapsus$, which raises both the likelihood of follow-on activity and its potential impact.
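The immediate check a practitioner wants after reading this is whether any CI workflow pulls the named actions or the Trivy image by a mutable reference (a tag or branch that an attacker with repository or registry access can retarget) rather than by an immutable commit SHA or image digest. The following audit script is an added example written for this page; it is not code from Aqua Security, The Register, or the campaign. The action and image names are the public ones; the sample workflow, the commit SHA and the image digest in it are constructed placeholders, not indicators of compromise.

```python
"""Audit a GitHub Actions workflow for mutable references to the Trivy
actions and images. Added example; the SAMPLE_WORKFLOW below is constructed
and its SHA / digest values are placeholders, not real releases."""
import re
import sys

# Public names of the actions and images mentioned in the report (assumed
# canonical spellings; these are what we look for, not indicators of compromise).
WATCHED_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")
WATCHED_IMAGES = ("aquasec/trivy", "ghcr.io/aquasecurity/trivy")

USES_RE = re.compile(r"""^\s*-?\s*uses:\s*["']?([^\s"'#]+)""")
IMAGE_RE = re.compile(r"""^\s*-?\s*image:\s*["']?([^\s"'#]+)""")
COMMIT_SHA_RE = re.compile(r"[0-9a-f]{40}")
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def split_image(ref):
    """Split 'registry/name:tag@sha256:...' into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    # A colon in the last path element is a tag; earlier colons are registry ports.
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    if name.startswith("docker.io/"):
        name = name[len("docker.io/"):]
    return name, tag, (digest or None)


def _image_finding(lineno, ref):
    name, tag, digest = split_image(ref)
    if name not in WATCHED_IMAGES:
        return None
    pinned = digest is not None and DIGEST_RE.fullmatch(digest) is not None
    return {"line": lineno, "kind": "image", "name": name,
            "ref": digest or tag or "latest", "pinned": pinned}


def _action_finding(lineno, target):
    action, _, ref = target.partition("@")
    if not any(action == a or action.startswith(a + "/") for a in WATCHED_ACTIONS):
        return None
    # Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
    pinned = COMMIT_SHA_RE.fullmatch(ref) is not None
    return {"line": lineno, "kind": "action", "name": action,
            "ref": ref or "(default branch)", "pinned": pinned}


def audit_workflow(text):
    """Return one finding per reference to a watched action or image."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            target = m.group(1)
            if target.startswith("docker://"):   # 'uses: docker://image' runs an image directly
                f = _image_finding(lineno, target[len("docker://"):])
            else:
                f = _action_finding(lineno, target)
        else:
            m = IMAGE_RE.match(line)             # job/service 'container: image:' lines
            f = _image_finding(lineno, m.group(1)) if m else None
        if f:
            findings.append(f)
    return findings


def unpinned(findings):
    """The references that need to be replaced by a SHA or digest."""
    return [f for f in findings if not f["pinned"]]


# Constructed sample: two mutable references (lines 7 and 12), two pinned ones.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: aquasec/trivy:latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - name: Scan the repo
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - name: Run the image directly
        uses: docker://ghcr.io/aquasecurity/trivy@sha256:""" + "a" * 64 + "\n"


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_WORKFLOW
    for f in audit_workflow(text):
        status = "pinned " if f["pinned"] else "MUTABLE"
        print(f"{status} line {f['line']:>3} {f['kind']:<6} {f['name']}@{f['ref']}")
```

Run it over each file under `.github/workflows/` (and over any reusable workflows it calls). Two caveats: pinning to a SHA or digest only prevents a tag from being silently retargeted, so a reference pinned after the malicious commit or image was published is still bad and the pinned value has to be compared against a release you have independently verified; and the script only inspects references, it says nothing about a Trivy binary already cached on self-hosted runners or developer machines.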
