Tag: github-actions

critical | Vulnerabilities & Exploits

Critical Supply Chain Attacks Hit Trivy Scanner While CISA Adds 5 CVEs to KEV Catalog

Threat actors compromised the Trivy vulnerability scanner multiple times, deploying self-propagating CanisterWorm malware across 47 npm packages and stealing CI/CD secrets from GitHub Actions. Meanwhile, CISA added 5 actively exploited vulnerabilities affecting Apple, Craft CMS, and Laravel to its KEV catalog with an April 3rd patching deadline.

Mar 21, 2026 | The Hacker News, Microsoft Security, MSRC Security Updates
Tags: supply-chain-attacks, trivy, npm-packages
🇺🇸 Apple

critical | Cloud Security

Supply Chain Attack Compromises Aqua Security's Trivy Scanner

TeamPCP threat actors injected credential-stealing malware into Aqua Security's popular Trivy vulnerability scanner and related GitHub Actions. Organizations using Trivy need to immediately audit their environments for potential credential compromise.

Mar 21, 2026 | Wiz Blog
Tags: supply-chain-attack, trivy, credential-theft