> TritonInfoSec News

Home / Mar 24, 2026 / Story

#2 Dark Reading general March 23, 2026 at 21:43 UTC

Trivy Supply Chain Attack Targets CI/CD Secrets

By Jai Vijayan

AI Summary

Threat actors compromised the Trivy open source security scanner to deploy infostealers into CI/CD workflows, targeting cloud credentials, SSH keys, and tokens. This supply chain attack demonstrates how attackers are weaponizing trusted security tools to breach developer environments and steal sensitive infrastructure secrets.

Read full article → https://www.darkreading.com/application-security/t…

Relevance score: 92.0/100

Sponsored

Protect Your Business

Expert cybersecurity solutions to safeguard your organization from evolving threats.

Get Protected →

# More from March 24

1
Hacker walks away with $24.5 million after breaching Resolv DeFi platform The Record
3
Trivy supply-chain attack spreads to Docker, GitHub repos BleepingComputer
4
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks BleepingComputer
5
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware The Hacker News
6
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems The Hacker News
7
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability SecurityWeek
8
Education company Kaplan reports data breach impacting more than 230,000 The Record
9
Crunchyroll probes breach after hacker claims to steal 6.8M users' data BleepingComputer
10
FBI warns of Handala hackers using Telegram in malware attacks BleepingComputer