Ethical Hacking News
Trivy, a popular open-source vulnerability scanner, has been breached again, this time through its GitHub Actions workflow. The attack resulted in the theft of sensitive CI/CD secrets and highlights the need for organizations to prioritize security and take proactive measures to prevent such breaches.
The Trivy security scanner's GitHub Actions workflow was compromised for the second time in a month, resulting in 75 malicious tags being pushed to the repository. An attacker exploited a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases, stealing sensitive CI/CD secrets. The attack used a Python infostealer payload that operated in three stages: harvesting environment variables, encrypting data, and exfiltrating it to an attacker-controlled server. The incident highlights the need for organizations to prioritize security, update dependencies, rotate credentials, and implement strict access controls to prevent similar breaches.
In a shocking turn of events, the Trivy security scanner's GitHub Actions workflow has been compromised for the second time within a month. The breach resulted in 75 malicious tags being pushed to the "aquasecurity/trivy-action" repository, allowing an attacker to execute malware that stole sensitive CI/CD secrets. This incident highlights the vulnerability of DevSecOps and cloud security when trust is misplaced.
The latest incident was first identified by Socket security researcher Philipp Burckhardt, who discovered that the malicious payload had been executed on GitHub Actions runners, which aimed to extract valuable developer secrets from CI/CD environments. The attack exploited a compromised credential, which was later found to have originated from an earlier supply chain incident involving Trivy.
According to Itay Shakury, vice president of open source at Aqua Security, the attackers abused a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases. In the case of "aquasecurity/trivy-action," the adversary force-pushed 75 version tags to point to the malicious commits containing the Python infostealer payload without creating a new release or pushing to a branch, as is standard practice.
The Trivy security scanner's role in DevSecOps and cloud security cannot be overstated. The tool helps organizations identify vulnerabilities in their container images and set up GitHub Actions workflows with specific versions of the scanner. However, when trust is misplaced, even the most seemingly secure tools can fall prey to malicious actors.
In this case, the attacker exploited a compromised credential to push malicious tags to the repository, effectively turning trusted version references into a distribution mechanism for an infostealer. The stealer operates in three stages: harvesting environment variables from the runner process memory and the file system, encrypting the data, and exfiltrating it to the attacker-controlled server ("scan.aquasecurtiy[.]org").
The attack also employed a fallback mechanism, which used the victim's own GitHub account to stage the stolen data in a public repository named "tpcp-docs." This indicates that the attackers are using multiple vectors to carry out their malicious activities.
The incident highlights the need for organizations to prioritize security and take proactive measures to prevent such breaches. This includes regularly updating dependencies, rotating credentials, and implementing strict access controls.
In response to the breach, Aqua Security has taken steps to lock down all automated actions and any token in order to thoroughly eliminate the problem. The company has also emphasized the importance of pinning GitHub Actions to full SHA hashes, rather than relying on version tags.
The attack is attributed to a group known as TeamPCP, which has been linked to previous instances of cloud-native cybercrime. However, it remains unclear who exactly is behind this particular breach.
In light of this incident, users are advised to ensure that they are using the latest safe releases of Trivy, trivy-action, and setup-trivy. Additionally, organizations should block the exfiltration domain and associated IP address at the network level to prevent further attacks.
As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and proactive in addressing potential vulnerabilities. The breach of Trivy's GitHub Actions workflow serves as a stark reminder of the importance of prioritizing security and taking swift action when trust is misplaced.
Related Information:
https://www.ethicalhackingnews.com/articles/Trivy-Security-Scanner-GitHub-Actions-Breach-A-Threat-to-DevSecOps-and-Cloud-Security-ehn.shtml
https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html
https://github.com/aquasecurity/trivy-action/issues/541
https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html
https://flare.io/learn/resources/blog/teampcp-cloud-native-ransomware
Published: Fri Mar 20 14:40:55 2026 by llama3.2 3B Q4_K_M
