Tags: malware · high · Credential Theft · Supply Chain Attack · TeamPCP

Mar 20, 2026 • Wiz Security Research

Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack


Source: Wiz Security Research
Category: malware
Severity: high

Executive Summary

On March 19, 2026, a significant supply chain compromise targeted Aqua Security's Trivy scanner and associated GitHub Actions. The threat group known as TeamPCP successfully injected credential-stealing malware into the software supply chain, posing a severe risk to downstream users relying on these security tools. This incident highlights the vulnerabilities inherent in CI/CD pipelines and open-source dependencies. The primary impact involves potential unauthorized access to compromised environments through stolen credentials. Organizations utilizing Trivy are urged to immediately audit their environments for signs of compromise. Mitigation strategies include verifying checksums of installed tools, rotating credentials potentially exposed during the infection window, and monitoring GitHub Actions for unauthorized modifications. This attack underscores the critical need for rigorous supply chain security measures and continuous monitoring of third-party integrations to prevent similar credential theft incidents affecting development workflows.
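Two of the mitigations listed above, verifying the checksum of an installed tool and checking workflows for GitHub Actions references that can be silently retargeted, as an added example. This is not code from Wiz Security Research or Aqua Security. The workflow text and the "installed binary" bytes are constructed inline; the `aquasecurity/trivy-action` name and the 40-hex commit SHA are illustrative values, not identifiers taken from the incident.

```python
"""Audit helpers for two mitigations: checksum verification of an installed
tool and detection of mutable (unpinned) GitHub Actions references.

Added example; not code from Wiz or Aqua Security. The workflow text and the
binary bytes below are constructed. The action name and commit SHA are
illustrative placeholders."""

import hashlib
import hmac
import re

# Constructed workflow: one reference pinned to a (placeholder) commit SHA,
# two references pinned only to a branch or tag.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str) -> list[str]:
    """Return every `uses:` reference not pinned to a full 40-hex commit SHA.

    Tags and branches are mutable: whoever controls the action repository
    (or holds a stolen token for it) can move them, so a tag pin is not a
    content pin. Local (./path) and docker:// references are skipped.
    """
    unpinned = []
    for ref in USES_RE.findall(workflow_text):
        if ref.startswith(("./", "docker://")):
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.match(version):
            unpinned.append(ref)
    return unpinned


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Compare the SHA-256 of an artifact with an expected digest.

    The expected value must come from a trusted, separately retrieved
    source (a signed release page or checksum file), not from the same
    place the artifact was downloaded from.
    """
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


# Constructed stand-ins for an installed binary and its published digest.
GOOD_BINARY = b"constructed-trivy-binary-bytes"
EXPECTED_SHA256 = hashlib.sha256(GOOD_BINARY).hexdigest()


if __name__ == "__main__":
    for ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned action reference: {ref}")
    print("binary matches pinned digest:", verify_sha256(GOOD_BINARY, EXPECTED_SHA256))
    print("tampered binary matches:", verify_sha256(GOOD_BINARY + b"x", EXPECTED_SHA256))
```

Run this over each file under `.github/workflows/` and over the digest published for the Trivy release you installed; a tag-only pin is a finding to fix by pinning to the commit SHA, and a checksum mismatch means the binary must be treated as untrusted until rebuilt from a verified source.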

Summary

On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment.


Linked Entities

  • TeamPCP