blacktemple.net · Cybersecurity News & Analysis · github: defconxt · © 2026

Supply Chain Attack Compromises Aqua Security's Trivy Scanner

March 21, 2026 · Cloud Security · 3 min read · Severity: critical

Originally reported by Wiz Blog

#supply-chain-attack #trivy #credential-theft #github-actions #container-security

TL;DR

TeamPCP threat actors injected credential-stealing malware into Aqua Security's popular Trivy vulnerability scanner and related GitHub Actions. Organizations using Trivy need to immediately audit their environments for potential credential compromise.

Why critical?

A widely-used security scanner was compromised with credential-stealing malware, creating a critical supply chain risk for organizations relying on Trivy for container security scanning.

Attack Overview

On March 19, 2026, threat actors successfully compromised Aqua Security's Trivy vulnerability scanner, injecting credential-stealing malware into the widely-used container security tool. The attack, attributed to a group known as "TeamPCP," represents a significant supply chain compromise affecting organizations worldwide that rely on Trivy for container image scanning.

Technical Details

According to Wiz researchers, the attackers targeted multiple components of the Trivy ecosystem:

  • Core Trivy scanner: Malicious code was injected into the main scanning binary
  • GitHub Actions: Related automation workflows were compromised
  • Credential harvesting: The malware specifically targeted authentication tokens and secrets

The compromise allowed attackers to potentially access sensitive credentials from any environment running the infected Trivy versions, creating a cascading security risk for organizations using the tool in their CI/CD pipelines and security workflows.

Impact Assessment

Trivy is one of the most popular open-source vulnerability scanners for containers and cloud-native applications, with millions of downloads and widespread adoption across enterprise environments. The compromise creates several critical risks:

Immediate Concerns

  • Credential theft: Environments running compromised Trivy versions may have exposed authentication tokens
  • Lateral movement: Stolen credentials could enable attackers to access additional systems
  • CI/CD pipeline compromise: Automated scanning workflows may have been infiltrated

Supply Chain Implications

This incident highlights how security tools themselves can become attack vectors. Organizations that trusted Trivy to secure their container environments now face the possibility that their security tool was actively undermining their defenses.

Recommended Actions

Security teams should immediately implement the following response measures:

Immediate Response

  1. Stop using affected Trivy versions until further notice from Aqua Security
  2. Audit recent Trivy executions for signs of credential access or exfiltration
  3. Rotate potentially exposed credentials including API keys, tokens, and service account credentials
  4. Review CI/CD pipeline logs for unusual activity during the compromise window

Environment Assessment

  • Examine systems where Trivy was deployed for indicators of compromise
  • Check for unauthorized access using credentials that may have been exposed
  • Monitor for lateral movement attempts from compromised environments

Long-term Mitigations

  • Implement software supply chain security controls for all security tools
  • Consider using multiple vulnerability scanners to reduce single points of failure
  • Establish incident response procedures specifically for compromised security tools
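The "Immediate Response" steps above (audit recent Trivy executions, rotate exposed credentials, review CI/CD pipelines) and the long-term point about supply chain controls both start with the same question: which workflows ran Trivy, and which secrets were reachable from those jobs? The following script is an added example written for this article; it is not code from the original post, from Wiz, or from Aqua Security. It walks GitHub Actions workflow text, records every job that uses the Trivy action or invokes the `trivy` CLI in a `run:` step, flags action references that are not pinned to a full commit SHA, and lists the `secrets.*` names referenced anywhere in that job as rotation candidates. The action name `aquasecurity/trivy-action` is the name the Trivy action is published under, but it is treated as an assumption here, and the sample workflow is constructed. The script is a triage aid for scoping rotation and review; it does not detect the malicious code itself.

```python
"""Inventory Trivy usage in GitHub Actions workflows for incident triage.

Added example (not from the original post, Wiz, or Aqua Security).
Assumptions: the Trivy action is referenced as ``aquasecurity/trivy-action``
and the CLI appears as the ``trivy`` command inside ``run:`` steps.
"""
import re

TRIVY_ACTION = "aquasecurity/trivy-action"  # assumed published action name
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^\s*(?:-\s+)?run:\s*(.*?)\s*$")
SECRET_RE = re.compile(r"secrets\.([A-Za-z_][A-Za-z0-9_]*)")
JOB_RE = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")     # keys directly under jobs:
TRIVY_CMD_RE = re.compile(r"(?:^|[\s|&;(])trivy(?:\s|$)")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def audit_workflow(text):
    """Return one record per Trivy usage: job, kind, ref, pinned, secrets."""
    in_jobs = False
    job = None
    usages = {}        # job name -> [(kind, ref, pinned)]
    secrets = {}       # job name -> set of secret names referenced in the job
    run_indent = None  # indent of a 'run: |' key while inside its block scalar
    for line in text.splitlines():
        # Top-level keys switch the jobs: context on or off
        if line and not line[0].isspace() and not line.startswith("#"):
            in_jobs = line.startswith("jobs:")
            job = None
            run_indent = None
            continue
        if not in_jobs:
            continue
        # Continuation lines of a multi-line run: block scalar
        if run_indent is not None:
            if line.strip() == "" or _indent(line) > run_indent:
                if TRIVY_CMD_RE.search(line):
                    usages[job].append(("cli", line.strip(), False))
                continue
            run_indent = None
        m = JOB_RE.match(line)
        if m:
            job = m.group(1)
            usages[job] = []
            secrets[job] = set()
            continue
        if job is None:
            continue
        # Any secrets.X reference in the job is reachable by every step in it
        secrets[job].update(SECRET_RE.findall(line))
        m = USES_RE.match(line)
        if m:
            if m.group(1).startswith(TRIVY_ACTION + "@"):
                ref = m.group(1).split("@", 1)[1]
                usages[job].append(("action", m.group(1), bool(SHA_RE.match(ref))))
            continue
        m = RUN_RE.match(line)
        if m:
            value = m.group(1)
            if value.rstrip("-+") in ("|", ">"):
                run_indent = _indent(line)
            elif TRIVY_CMD_RE.search(value):
                usages[job].append(("cli", value, False))
    report = []
    for name, items in usages.items():
        for kind, ref, pinned in items:
            report.append({"job": name, "kind": kind, "ref": ref,
                           "pinned": pinned, "secrets": sorted(secrets[name])})
    return report


def secrets_to_rotate(report):
    """Union of secret names reachable from any job that ran Trivy."""
    names = set()
    for rec in report:
        names.update(rec["secrets"])
    return sorted(names)


# Constructed sample workflow: one job uses the action with a mutable ref,
# one runs the CLI in a block scalar, one never touches Trivy.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  image-scan:
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    steps:
      - uses: actions/checkout@v4
      - name: Scan image
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: registry.example.com/app:latest
      - name: Push
        run: docker push registry.example.com/app:latest
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
  cli-scan:
    runs-on: ubuntu-latest
    steps:
      - run: |
          trivy image --exit-code 1 registry.example.com/app:latest
  unit-tests:
    runs-on: ubuntu-latest
    steps:
      - run: make test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

if __name__ == "__main__":
    findings = audit_workflow(SAMPLE_WORKFLOW)
    for f in findings:
        flag = "" if f["pinned"] else "  [NOT pinned to a commit SHA]"
        print(f"{f['job']}: {f['kind']} {f['ref']}{flag}; secrets={f['secrets']}")
    print("rotate:", secrets_to_rotate(findings))
```

Run it against each workflow file in your organization (for example by feeding the contents of every `.github/workflows/*.yml`) and use the output to decide which secrets go first in the rotation queue and which jobs' logs to pull for the compromise window. Secrets referenced at job level (as in `image-scan`) are visible to every step in that job, which is why the script collects them per job rather than per step; a secret referenced only by a job that never ran Trivy (`NPM_TOKEN` here) is not reported. The "pinned" flag supports the long-term mitigation: moving third-party actions from mutable refs such as `@master` or a tag to a full commit SHA narrows what a compromised upstream repository can push into your pipeline.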

TeamPCP Attribution

The attack has been attributed to TeamPCP, though limited details about this threat actor group are currently available. The sophistication required to compromise a widely-used security tool suggests an organized threat actor with significant technical capabilities.

Industry Response

This compromise underscores the critical importance of securing the security tools themselves. As organizations increasingly rely on automated security scanning in their development workflows, the compromise of these tools creates systemic risks that extend far beyond individual vulnerabilities.

Security teams must now consider their vulnerability scanners and other security tools as potential attack vectors requiring the same rigorous security controls applied to other critical infrastructure components.

Sources

https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack

