The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond
ID: 33674c73-8c7d-569d-8b42-532ac288ca49
STIX ID: report--33674c73-8c7d-569d-8b42-532ac288ca49
Feed Name: Security Boulevard
On March 19–22, 2026, TeamPCP compromised Aqua Security's Trivy supply chain by force‑pushing malicious commits and publishing weaponized binaries and Docker images. The payload, a "TeamPCP Cloud Stealer", read runner process memory to bypass GitHub Actions secret masking, harvested a wide range of credentials and keys, and exfiltrated data via a typosquatted C2 domain and fallback GitHub repositories. Affected components include the trivy binary v0.69.4, Docker images v0.69.5/v0.69.6/latest, trivy-action tags 0.0.1–0.34.2, and setup-trivy releases. The report provides concrete IoCs, remediation steps (rotate secrets, pin SHAs, update to safe versions), and open-source playbooks for rapid response.
