Trivy supply chain attack turns Aqua Security scanner into a secret stealer
VPN Central [Unofficial]
March 25, 2026
A supply chain attack against Aqua Security’s widely used Trivy scanner let attackers push malicious code into parts of the Trivy ecosystem and steal secrets from CI/CD environments. Aqua says the attackers used compromised credentials to publish a malicious Trivy v0.69.4 release, tamper with tags in trivy-action and setup-trivy, and later push malicious Docker Hub […]