Aqua Security’s widely used open-source vulnerability scanner Trivy has been compromised in a second major supply chain attack within a month, exposing CI/CD pipelines to malware designed to steal sensitive developer credentials and infrastructure secrets. The incident highlights growing risks in software supply chains and reinforces the need for stronger cybersecurity practices across development environments.
The latest breach specifically impacted GitHub Actions repositories “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” both critical tools used by developers to scan container images and configure workflows. According to security researchers, attackers force-pushed 75 out of 76 version tags in the Trivy Action repository, effectively turning trusted version references into a delivery mechanism for malicious code.
The injected payload executed within GitHub Actions runners, targeting high-value assets such as SSH keys, cloud credentials, database access details, Git configurations, Docker settings, Kubernetes tokens, and even cryptocurrency wallets. This type of attack demonstrates how compromised CI/CD environments can serve as a gateway to broader enterprise infrastructure.
This marks the second recent incident involving Trivy. Earlier in 2026, attackers exploited a workflow vulnerability to steal a Personal Access Token (PAT), which was then used to manipulate the repository and distribute malicious versions of related tools. The latest attack appears to stem from incomplete containment of that earlier breach, allowing threat actors to regain access using compromised credentials.
Security experts revealed that the malware operates in multiple stages: collecting sensitive data from environment variables and system files, encrypting the information, and exfiltrating it to an attacker-controlled domain. If direct exfiltration fails, the malware uses stolen GitHub credentials to upload the data to a public repository, ensuring persistence and data leakage.
Investigators believe the attack may be linked to the threat group known as TeamPCP, a cloud-focused cybercriminal operation associated with data theft and extortion campaigns. While attribution is not fully confirmed, the tools and techniques observed in the attack align with the group’s known tactics, particularly its focus on cloud-native environments and financial data.
The breach also demonstrated how attackers can manipulate version tags without altering source code branches, bypassing traditional security checks. By exploiting trusted tagging mechanisms, threat actors were able to distribute malicious updates without triggering immediate suspicion.
In response, Aqua Security has advised users to immediately upgrade to safe versions, including Trivy 0.69.3, trivy-action 0.35.0, and setup-trivy 0.2.6. Organizations that may have used compromised versions are urged to treat all CI/CD secrets as exposed and rotate credentials without delay.
Additional mitigation steps include blocking known malicious domains and IP addresses, auditing workflows for unauthorized changes, and checking for suspicious repositories that may indicate data exfiltration. Security experts also recommend pinning GitHub Actions to immutable commit hashes instead of version tags to prevent similar attacks in the future.
The incident underscores a broader trend of increasingly sophisticated supply chain attacks targeting development pipelines. As organizations continue to adopt cloud-native technologies and automated workflows, securing CI/CD environments has become a critical priority in modern cybersecurity strategies.
Recommended Cyber News :
- PHI Data Breach Hits Multiple Healthcare Providers
- Ericsson Hit by Data Breach, Sensitive Data Stolen
- INTERPOL Operation Synergia III Disrupts 45,000 Malicious IPs in Global Cybercrime Crackdown
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
