
44 Aqua Security repositories defaced after Trivy supply chain breach

ID: aa4357a2-0066-52e3-9b91-e7e8ed4a27ab

STIX ID: report--aa4357a2-0066-52e3-9b91-e7e8ed4a27ab

Feed Name: Security Affairs

Threat Score: 88/100

Date Published: 2026-03-23

Date Updated: 2026-04-22

Author: Pierluigi Paganini

Researchers report that TeamPCP compromised Trivy GitHub Actions to distribute malicious Docker images containing an infostealer, and stole a long-lived service account token. The attackers used the token to automatically rename and deface all 44 repositories in an Aqua Security internal GitHub organization within minutes, exposing internal code, tools, and likely secrets. Investigators published IOCs.
