Trivy supply-chain

Multiple security reports describe a March 19–22, 2026 supply‑chain compromise of Aqua Security’s Trivy (attributed to “TeamPCP”) in which attackers abused GitHub Actions and mutable tags to publish backdoored binaries and Docker images that harvested and exfiltrated CI/cloud/Kubernetes credentials, with IOCs and remediation guidance (pin to SHAs, rotate secrets, verify image digests) provided.

List of posts related to this topic

Post Title	Date Published↓	Describes Incident	Feed
AppSec as attacker: Inside Trivy–LiteLLM	2026-03-27	True	ReversingLabs Blog Not Subscribed
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack	2026-03-26	True	GBHackers Not Subscribed
Aqua Security’s Trivy Scanner Compromised in Supply Chain Attack	2026-03-25	True	cybersecurityNews.com Not Subscribed
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise	2026-03-25	True	Microsoft Security Not Subscribed
1K+ cloud environments infected following Trivy supply chain attack	2026-03-24	True	The Register (Security) Not Subscribed
The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond	2026-03-24	True	Security Boulevard Not Subscribed
Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack	2026-03-24	True	CyberScoop Not Subscribed
Trivy Supply Chain Attack Targets CI/CD Secrets	2026-03-23	True	Dark Reading Not Subscribed
Trivy supply-chain attack spreads to Docker, GitHub repos	2026-03-23	True	Bleeping Computer Not Subscribed
Trivy Supply Chain Attack Expands With New Compromised Docker Images	2026-03-23	True	Infosecurity Magazine (News) Not Subscribed
44 Aqua Security repositories defaced after Trivy supply chain breach	2026-03-23	True	Security Affairs Not Subscribed
44 Aqua Security repositories defaced after Trivy supply chain breach	2026-03-23	True	Security Affairs Not Subscribed
Trivy Supply Chain Attack Expands as Compromised Docker Images Hit Docker Hub	2026-03-23	True	cybersecurityNews.com Not Subscribed
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper	2026-03-23	True	The Hacker News Not Subscribed
Trivy Supply Chain Attack Spreads via Compromised Docker Hub Images	2026-03-23	True	GBHackers Not Subscribed
Update: Ongoing Investigation and Additional Activity	2026-03-23	True	Aqua Security Blog Not Subscribed
TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions	2026-03-23	True	Sysdig Blog Not Subscribed
TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions	2026-03-23	True	Sysdig Blog Not Subscribed
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions	2026-03-21	True	Bleeping Computer Not Subscribed
Trivy Supply Chain Attack: What Happened and What You Need to Know	2026-03-21	True	Aqua Security Blog Not Subscribed
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials	2026-03-21	True	GBHackers Not Subscribed
Hackers Compromise Trivy Scanner to Inject malicious Scripts and Steal Login Credentials	2026-03-21	True	cybersecurityNews.com Not Subscribed
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets	2026-03-20	True	The Hacker News Not Subscribed
Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack	2026-03-20	True	Wiz Blog Not Subscribed
From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise	2026-03-20	True	Crowdstrike Blog Not Subscribed