> TritonInfoSec News
Home / Mar 22, 2026 / Story
0
#1 BleepingComputer general March 21, 2026 at 17:30 UTC

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

By Lawrence Abrams

AI Summary

The Trivy vulnerability scanner suffered a supply-chain attack by threat actors TeamPCP, who compromised official releases and GitHub Actions to distribute credential-stealing malware. This attack impacted the widely-used open-source scanner maintained by Aqua Security, demonstrating how critical security tools can become vectors for further compromise.

Read full article → https://www.bleepingcomputer.com/news/security/tri…

Relevance score: 95.0/100

# More from March 22

  1. 2
    Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages The Hacker News
  2. 3
    Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager The Hacker News
  3. 4
    CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 The Hacker News
  4. 5
    FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks The Hacker News
  5. 6
    DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks The Hacker News
  6. 7
    Critical Quest KACE Vulnerability Potentially Exploited in Attacks SecurityWeek
  7. 8
    US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites SecurityWeek
  8. 9
    Police take down 373,000 fake CSAM sites in Operation Alice BleepingComputer
  9. 10
    Navia Data Breach Impacts 2.7 Million SecurityWeek