
Trivy GitHub Actions compromised again as attackers hijack 75 tags to steal CI/CD secrets

VPN Central [Unofficial] March 21, 2026
Trivy has suffered a second supply chain incident in March, this time through its GitHub Actions ecosystem. Security researchers say an attacker force-pushed 75 out of 76 version tags in aquasecurity/trivy-action, causing workflows pinned to version tags to pull malicious code that steals secrets from CI/CD runners. The compromise did not stop with one repo. […]
