{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreie6gd7lue5dy42mgktsikfq4ivjsh5eoe5z5ekdyodz36odpzzlgq",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mhmfymcxbsu2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreid44vbvpk6fz2oomgymu7ewxpgxhj2dfbhqtlbqli4nm2rkhfnikm"
    },
    "mimeType": "image/jpeg",
    "size": 221578
  },
  "path": "/trivy-github-actions-compromised-again-as-attackers-hijack-75-tags-to-steal-ci-cd-secrets/",
  "publishedAt": "2026-03-21T07:43:29.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Trivy GitHub Actions compromised again as attackers hijack 75 tags to steal CI/CD secrets",
    "VPN Central"
  ],
  "textContent": "Trivy has suffered a second supply chain incident in March, this time through its GitHub Actions ecosystem. Security researchers say an attacker force-pushed 75 out of 76 version tags in aquasecurity/trivy-action, causing workflows pinned to version tags to pull malicious code that steals secrets from CI/CD runners. The compromise did not stop with one repo. […]\n\nThe post Trivy GitHub Actions compromised again as attackers hijack 75 tags to steal CI/CD secrets appeared first on VPN Central.",
  "title": "Trivy GitHub Actions compromised again as attackers hijack 75 tags to steal CI/CD secrets"
}