Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets Trivy, the Aqua Security vulnerability scanner, was compromised again to deliver a Python-based infostealer via malicious releases and force-pushed tags in the aquasecurity/trivy-action and aquasecurity/setup-trivy GitHub Actions, exposing CI/CD secrets and developer credentials. The payload harvests environment variables and tokens, tries to exfiltrate data to scan.aquasecurtiy[.]org or stage it in a...

Trivy’s GitHub Actions were breached via 75 force-pushed tags, injecting a Python infostealer that exfiltrates CI/CD secrets and developer tokens. Attack linked to hackerbot-claw and TeamPCP. #DevOpsSecurity #GitHubAttack #TeamPCP

GitHub Developers Hit in Complex Supply Chain Cyberattack The attacker employed various techniques, including distributing malicious dependencies via a fake Python infrastructure linked to GitHub projects.

Heads up, developers! GitHub has been hit with a complex cyberattack targeting its supply chain. Stay vigilant and keep your code secure! #CyberSecurity #GitHubAttack #security #privacy #cloud #cyber #infosec #DevCommunity www.darkreading.com/application-...