Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
ID: fe85ced4-5b9b-5173-88f1-6c67b07a743a
STIX ID: report--fe85ced4-5b9b-5173-88f1-6c67b07a743a
Feed Name: The Hacker News
Trivy and related GitHub Actions were compromised via credential-based tag poisoning that delivered a Python infostealer inside CI/CD runners. The stealer harvested environment variables, SSH/cloud/database credentials, and crypto keys, then exfiltrated them to scan.aquasecurtiy.org (IP 45.148.10.212). Attribution points to TeamPCP or a related actor. Recommended mitigations include rotating secrets, pinning Actions to full commit SHAs, blocking the exfiltration domain/IP, and searching for staged repositories such as "tpcp-docs".
