Threat Intelligence Report

Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack

📅 March 23, 2026 📰 www.wiz.io 🔍 0 CVE(s) referenced

Aqua Security’s Trivy vulnerability scanner and related GitHub Actions were compromised by threat actors who injected credential-stealing malware, enabling widespread exfiltration of secrets and persistence mechanisms across developer and CI/CD environments—prompting urgent audits and incident response actions for all users.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle