Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsPricingView Plans & Pricing
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'trivy'

View all threats tagged with 'trivy'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: trivy

Threats Tagged 'trivy'

Click on any threat for detailed analysis and mitigation recommendations

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
0

On March 19, 2026, Trivy, an open-source vulnerability scanner, was compromised in a sophisticated CI/CD supply chain attack. Threat actors, identified as TeamPCP, injected credential-stealing malware into official Trivy releases, affecting the core binary and GitHub Actions. The attack exploited mutable tags and commit identity spoofing on GitHub. The malware performed extensive credential harvesting, targeting cloud providers, Kubernetes secrets, and various application credentials. Microsoft Defender provides detection and investigation capabilities for this threat. Recommended mitigations include updating to safe versions, hardening CI/CD pipelines, enforcing least privilege, protecting secrets, and leveraging attack path analysis to reduce lateral movement risks.

MediumMalwareUnited StatesUnited StatesGermanyGermanyUnited KingdomUnited Kingdom+7#trivy#supply chain attack#credential theft
Join the discussion
Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets
0

A new supply chain attack targeting Trivy has compromised 75 out of 76 version tags in the aquasecurity/trivy-action GitHub repository. The attacker force-pushed these tags to serve malicious payloads, effectively turning trusted version references into a distribution mechanism for an infostealer. The malicious code executes within GitHub Actions runners, targeting sensitive data in CI/CD environments. It harvests secrets from runner process memory and the filesystem, encrypts the collected data, and exfiltrates it to an attacker-controlled endpoint or a fallback GitHub-based channel. The attack's scope is significant, potentially affecting over 10,000 workflow files on GitHub referencing this action.

MediumMalwareUnited StatesUnited StatesGermanyGermanyUnited KingdomUnited Kingdom+7#ci/cd#teampcp cloud stealer#credential theft
Join the discussion

Showing 1 to 2 of 2 results

Filters:Tag: trivy
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses