

Ethical Hacking News

Aqua Security's Trivy Vulnerability Scanner Compromised in Ongoing Supply-Chain Attack




Aqua Security's widely used Trivy vulnerability scanner has been compromised in an ongoing supply-chain attack. The attackers obtained credentials for the project and used them to force-push malicious dependencies into compromised trivy-action tags, exposing the pipelines that pulled those tags to credential theft.



  • Aqua Security's Trivy vulnerability scanner has been compromised in a significant supply-chain attack.
  • The attackers used stolen credentials to push malicious dependencies into compromised trivy-action tags.
  • The malware scoured development pipelines for GitHub tokens, cloud credentials, SSH keys, and other secrets, encrypting them before sending them to an attacker-controlled server.
  • The threat actor, TeamPCP, compromised the Aqua Trivy VS Code extension and made impostor commits to push malicious code.
  • Compromised binaries were published to GitHub Releases, Docker Hub, GHCR, and ECR, and additional credentials were stolen from Aqua.



  • Ars Technica has reported on a significant compromise affecting Aqua Security's widely used Trivy vulnerability scanner. The attack, which began on Thursday, affects virtually all versions of the Trivy scanner, leaving users who pulled the compromised releases exposed to malicious actors.

    According to reports from Socket and Wiz, the attackers gained access to Trivy's credentials and exploited them to force-push malicious dependencies into compromised trivy-action tags. This allowed the malware to thoroughly scour development pipelines, including developer machines, for GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and other secrets. Once found, the malware encrypts the data and sends it to an attacker-controlled server.

    The attack traces back to the compromise of the Aqua Trivy VS Code extension last month, in which the attackers obtained a credential with write access to the Trivy GitHub account. Maintainers rotated tokens and other secrets in response, but the process wasn't fully "atomic," meaning it didn't thoroughly remove credential artifacts such as API keys, certificates, and passwords to ensure they couldn't be used maliciously.

    The threat actor, self-identifying as TeamPCP, made impostor commits that were pushed to actions/checkout (while spoofing user rauchg) and to aquasecurity/trivy (while spoofing user DmitriyLewen). At 17:43:37 UTC, the Trivy repository's tag was pushed, triggering a release. The result was a malicious checkout that fetched credential-stealer code from a typosquatted domain (scan.aquasecurtiy[.]org, resolving to 45.148.10.212), and backdoored binaries being published to GitHub Releases, Docker Hub, GHCR, and ECR.

    The attackers also compromised a service account and abused that access to push malicious workflows to traceeshark and trivy-action and to steal additional credentials from Aqua (including GPG keys and credentials for Docker Hub, Twitter, and Slack). These secrets were exfiltrated to a Cloudflare Tunnel C2 (plug-tab-protective-relay.trycloudflare.com).

    So far there are no known reports of breaches at developers or organizations that used the compromised Trivy scanner. Given the tool's popularity, the thoroughness of the info-stealer, and the stealth of the operation, however, the potential fallout could be severe.

    Admins are advised to rotate their secrets immediately.
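    The weakness the attackers exploited was that `trivy-action` tags are mutable references that can be force-pushed. A practical defensive check is to audit workflow files for `uses:` entries that reference an action by tag or branch rather than by full commit SHA. The script below is an added example, not code from the article or from Aqua; the sample workflow, the fake 40-hex SHA, and the "high"/"medium" severity split are constructed for illustration.

```python
import re

# Constructed sample workflow (not from the article): one step pinned to a
# full commit SHA (a made-up value), two steps on mutable tags from the
# repositories named in the article, and one local action reference.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: ./.github/actions/local
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)['\"]?", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Repositories the article names as having had commits or tags tampered
# with; a mutable ref to one of these is reported at higher severity.
ELEVATED_REPOS = {"actions/checkout", "aquasecurity/trivy-action"}


def audit_workflow(text):
    """Return (action, ref, severity) for every `uses:` entry that is not
    pinned to a full commit SHA.  Local ('./') and docker:// references are
    skipped because git tags do not apply to them the same way."""
    findings = []
    for m in USES_RE.finditer(text):
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        if SHA_RE.match(ref):
            continue  # a full SHA cannot be moved by a force-pushed tag
        repo = "/".join(action.split("/")[:2])
        severity = "high" if repo in ELEVATED_REPOS else "medium"
        findings.append((action, ref or "(default branch)", severity))
    return findings


if __name__ == "__main__":
    for action, ref, sev in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{sev:6} {action}@{ref}")
```

Pinning to a SHA only protects against tag movement; the checked-out commit itself still has to be reviewed, and secrets exposed to a workflow that already ran a compromised tag still need rotation.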



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Aqua-Securitys-Trivy-Vulnerability-Scanner-Compromised-in-Ongoing-Supply-Chain-Attack-ehn.shtml
  • https://arstechnica.com/security/2026/03/widely-used-trivy-scanner-compromised-in-ongoing-supply-chain-attack/
  • https://ccstartup.com/blog/2026/03/20/widely-used-trivy-scanner-compromised-in-ongoing-supply-chain-attack/
  • https://www.joesandbox.com/analysis/1887043/0/html
  • https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise


  • Published: Fri Mar 20 18:18:26 2026 by llama3.2 3B Q4_K_M
