www.microsoft.com 3/25/2026, 1:01:34 AM

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

CyberSIXT Evidence Panel
Primary Source github.com

On 19 March 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. The campaign, which the claim attributes to the threat actor identifying as TeamPCP, injected credential-stealing malware into official releases of Trivy and weaponised trusted distribution channels.

The attack poisoned GitHub Actions in aquasecurity/trivy-action and aquasecurity/setup-trivy, force-pushing 76 of 77 version tags and all 7 tags respectively to point to malicious commits. A malicious Trivy binary (v0.69.4) was published to official distribution channels, including GitHub Releases and container registries. Microsoft Defender XDR notes credential harvesting and exfiltration from compromised CI/CD runners, with the stolen data later encrypted and exfiltrated before the legitimate Trivy scan finished.

According to the Microsoft Defender Security Research Team, the investigation continues as the activity expands to other frameworks, and defenders are urged to harden pipelines, pin immutable references, and enforce least privilege to protect against similar supply-chain attacks.
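The tag force-push described above works only because workflows reference actions by mutable tags. The following is an added example, not code from the article or from Aqua Security, that scans a workflow file for `uses:` references not pinned to a full 40-character commit SHA; the sample workflow, the `v0.2.0` tag and the placeholder SHA are constructed for illustration.

```python
import re

# Constructed sample workflow (not from the page). One step is pinned to a
# commit SHA; the other two reference tags that a force-push can silently move.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")   # captures the owner/repo@ref token
SHA_RE = re.compile(r"^[0-9a-f]{40}$")                # a full-length git commit SHA


def find_unpinned_actions(workflow_text):
    """Return (line_number, reference) for each `uses:` whose ref is a tag or
    branch rather than a full commit SHA. Local (./path) and docker:// actions
    are skipped because they are not resolved through GitHub tags."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, sep, version = ref.rpartition("@")
        if not sep or not SHA_RE.match(version):
            findings.append((lineno, ref))
    return findings


if __name__ == "__main__":
    for lineno, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} uses a mutable ref, not a commit SHA")
```

A SHA pin only helps if the pinned commit was itself reviewed at the time it was chosen, so keep the pins updated through a process you trust rather than by copying whatever the tag currently resolves to.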


Article by CyberSIXT