Threat Intelligence Report

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise | Microsoft Security Blog

📅 March 26, 2026 📰 www.microsoft.com 🔍 0 CVE(s) referenced

Aqua Security's Trivy vulnerability scanner and related GitHub Actions were compromised in a sophisticated supply chain attack (TeamPCP), enabling threat actors to stealthily inject credential-stealing malware into trusted CI/CD pipelines and developer environments worldwide.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle