Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials
ID: 823b9999-80ad-5665-8bc9-05f22ae08908
STIX ID: report--823b9999-80ad-5665-8bc9-05f22ae08908
Feed Name: GBHackers
A supply-chain compromise of the Trivy GitHub Actions repository was discovered on March 19, 2026: attackers force-pushed 75 of 76 version tags so that they pointed at poisoned commits carrying a multi-stage infostealer. The stealer scrapes runner memory and files for cloud credentials, SSH keys, and tokens, encrypts the stolen data with a session key wrapped by the attackers' public key, and exfiltrates it to typosquatted domains or to accounts controlled by the victim. The adversary spoofed commit metadata to disguise the changes and arranged for the malicious script to run immediately before the legitimate Trivy scan, so any pipeline that referenced one of the poisoned tags should be treated as fully compromised: rotate every secret the runner could have reached, and pin the action to a verified commit hash rather than a mutable tag.
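The practical check a defender wants after reading the summary above is an inventory of which workflows reference a GitHub Action by a mutable ref (tag or branch) instead of a full commit SHA, since a tag is exactly what the attackers force-pushed. The script below is an added example, not code from the page or from the Trivy project: it scans workflow YAML for `uses:` references, flags every one that is not pinned to a 40-character hex SHA, highlights references to the action repository name `aquasecurity/trivy-action` (the project's public repository name, assumed here rather than taken from the summary), and rewrites a line to a SHA the operator supplies. It generalizes beyond Trivy to every third-party action in the file. The workflow text and the SHA values are constructed for the example; no real commit hashes appear.

```python
import re
from dataclasses import dataclass

# A full commit SHA is the only GitHub Actions ref that cannot be moved after the fact.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo[/path]@ref", with or without a leading list dash or quotes.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?")

# Actions to call out explicitly. The repo name is assumed from the project's public
# GitHub organization; extend the tuple for any other action you want highlighted.
WATCHLIST = ("aquasecurity/trivy-action",)


@dataclass
class Finding:
    line: int       # 1-based line number in the workflow file
    action: str     # owner/repo[/path] part of the uses: reference
    ref: str        # what follows the "@" (empty if no ref was given)
    kind: str       # "pinned-sha", "mutable", or "unpinned"
    watched: bool   # True if the action's owner/repo is on WATCHLIST


def classify_ref(ref: str) -> str:
    """Tags and branches are mutable; only a 40-hex SHA is immutable."""
    if not ref:
        return "unpinned"
    return "pinned-sha" if SHA_RE.match(ref) else "mutable"


def audit_workflow(text: str, watch=WATCHLIST) -> list[Finding]:
    """Return one Finding per remote action reference in a workflow file."""
    watched = {w.lower() for w in watch}
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        # Local actions and docker:// images are not pinnable to a GitHub commit SHA.
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        repo = "/".join(action.split("/")[:2]).lower()  # drop any sub-path
        findings.append(Finding(n, action, ref, classify_ref(ref), repo in watched))
    return findings


def mutable_refs(text: str, watch=WATCHLIST) -> list[Finding]:
    """Only the findings that need action: anything not pinned to a SHA."""
    return [f for f in audit_workflow(text, watch) if f.kind != "pinned-sha"]


def pin_uses_line(line: str, sha: str) -> str:
    """Rewrite a uses: line to a full SHA, keeping the old ref as a trailing comment.

    The SHA must come from a commit you have verified independently (for example
    one that predates the compromise window and whose tree you have reviewed);
    resolving the poisoned tag to "whatever it points at now" would pin the malware.
    """
    if not SHA_RE.match(sha):
        raise ValueError("refusing to pin to a ref that is not a full 40-hex commit SHA")
    m = USES_RE.match(line)
    if not m:
        raise ValueError("not a uses: line")
    spec = m.group(1)
    action, _, ref = spec.partition("@")
    out = line.replace(spec, f"{action}@{sha}", 1)
    return f"{out}  # {ref}" if ref else out


# Constructed sample workflow; the SHA on the last step is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
      - uses: "actions/upload-artifact@0123456789abcdef0123456789abcdef01234567"
"""

if __name__ == "__main__":
    for f in mutable_refs(SAMPLE_WORKFLOW):
        flag = "  <-- on watchlist" if f.watched else ""
        print(f"line {f.line}: {f.action}@{f.ref or '<none>'} is {f.kind}{flag}")
```

Run it against every file under `.github/workflows/` in each repository; the watched findings are the pipelines whose secrets need rotating, and the remaining mutable findings are the same class of exposure waiting for the next compromised action. When rewriting, obtain the SHA for a known-good commit from your own review or from a release announced before the attack window, not by resolving the current tag with `git ls-remote`.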
