arstechnica.com 3/20/2026, 8:58:52 PM · via preferred

Widely used Trivy scanner compromised in ongoing supply-chain attack


Attackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply-chain attack, with the incident beginning in the early hours of Thursday and continuing through Friday, according to Itay Shakury. The malware force-pushed 75 existing trivy-action tags and seven setup-trivy tags to point to malicious dependencies, meaning any pipeline referencing those tags could execute the attacker’s code.

Spoofed tags include the widely used @0.34.2, @0.33, and @0.18.0, while version @0.35.0 appears to be the only one unaffected. The embedded malware searches pipelines and developer machines for GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens and other secrets, encrypts them, and exfiltrates them to an attacker-controlled server; exfiltration notes indicate a primary and a backup mechanism.

Of the 76 trivy-action tags, 75 were force-pushed, along with seven setup-trivy tags, a technique described by Socket and Wiz as a departure from typical supply-chain attacks. Socket and Wiz advise all Trivy users to read their posts and rotate secrets accordingly. (20 March 2026)


Article by CyberSIXT
