Industry News & Leadership · Published Mar 25, 2026

Aqua Security’s Trivy Scanner Compromised in Supply Chain Attack

Cybersecurity News · Archived Mar 25, 2026




A sophisticated supply chain attack has targeted Aqua Security's widely used open-source vulnerability scanner, Trivy. A threat actor leveraged compromised credentials to distribute malicious releases, turning a trusted security tool into a mechanism for large-scale credential theft across CI/CD pipelines. The incident remains an ongoing and evolving investigation, with attackers actively weaponizing stolen credentials across the broader ecosystem.

The breach originated in late February 2026, when attackers exploited a misconfiguration in Trivy's GitHub Actions environment to extract a privileged access token. Although the Trivy team disclosed the incident and rotated credentials on March 1, the remediation was incomplete: the adversary retained access through credentials that were still valid.

On March 19, the threat actor escalated the attack by force-pushing malicious commits to 76 of 77 version tags in the aquasecurity/trivy-action repository and to all seven tags in aquasecurity/setup-trivy. At the same time, a compromised service account triggered the automated release pipelines to publish a backdoored Trivy binary designated version 0.69.4. Rather than introducing an obviously malicious new version, the attackers moved existing version tags so that malicious code was silently injected into workflows organizations were already running.

Trivy Scanner Compromised

The malicious payload was engineered to execute before the legitimate Trivy scanning logic, so compromised workflows appeared to complete normally. During this silent execution the malware harvested sensitive information from CI/CD environments: API tokens, cloud provider credentials for AWS, GCP, and Azure, SSH keys, Kubernetes tokens, and Docker configuration files. The malware then exfiltrated this data to attacker-controlled infrastructure.
The attack specifically hit open-source users whose workflows referenced the actions by mutable version tag rather than by pinned commit hash: a tag can be force-pushed to a different commit, so such workflows silently picked up the malicious code, whereas a reference to a full commit SHA continued to resolve to the original, unmodified revision. Aqua Security has confirmed that its commercial products remain unaffected. The commercial platform is architecturally isolated from the compromised open-source environment, with dedicated pipelines, strict access controls, and a controlled integration process that lags open-source releases.

Aqua Security's response progressed rapidly from initial containment to active remediation, in collaboration with the global incident response firm Sygnia. Over the weekend of March 21-22, the investigation uncovered additional suspicious activity consistent with the threat actor attempting to re-establish access, indicating an ongoing campaign.

Remediation actions include the removal of all malicious releases from distribution channels such as GitHub Releases, Docker Hub, and Amazon ECR. The security team has revoked credentials across all environments, moved away from long-lived tokens, and is implementing immutable release verification to prevent future tampering. All compromised version tags have been deleted or repointed to known-safe, verified commits.

Aqua Security also highlighted the critical role of the broader security community in mitigating the fallout. Research teams at Aikido Security and CrowdStrike were explicitly thanked for their rapid technical publications, which accelerated community awareness and response. Because Trivy is an open-source project without a centralized record of its user base, this collaborative ecosystem response was essential to notifying downstream users of the active threat.

Vulnerability Details

Security teams are urged to immediately audit their environments for the compromised versions and update to known-safe releases. Any secret that was accessible to an affected runner environment must be treated as exposed and rotated immediately.
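The audit the article calls for can be scripted. The following is an added example written for this page, not tooling from Aqua Security or the Trivy project: it walks a repository's .github/workflows directory and reports every uses: reference to aquasecurity/trivy-action or aquasecurity/setup-trivy that is resolved by tag or branch instead of a full 40-character commit SHA, any other unpinned action for completeness, and any line that names the backdoored 0.69.4 binary. The sample workflow, the placeholder commit SHA in it, and the assumption that a version: input is where a workflow names the binary version are all constructed for the example.

```python
"""Audit GitHub Actions workflows for the exposure pattern behind the
trivy-action/setup-trivy tag force-push: references to those actions that
resolve through a mutable tag or branch instead of a full commit SHA, plus
any reference to the backdoored trivy 0.69.4 binary.

Added example for this article; not Aqua Security's or the Trivy project's
tooling. The sample workflow below is constructed for illustration.
"""
from __future__ import annotations

import re
import sys
from pathlib import Path

# Repositories whose version tags were force-pushed (article's component table).
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}
# Backdoored binary version named in the article.
COMPROMISED_BINARY = "0.69.4"

# `- uses: owner/repo[/subpath]@ref`; local (./x) and docker:// refs have no '@'.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[\w./-]+)?@([^\s'\"#]+)"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption: the bad version string is worth flagging wherever it appears,
# typically a `version:` input; the lookarounds avoid matching 10.69.4 etc.
VERSION_RE = re.compile(r"(?<![\d.])v?0\.69\.4(?![\d.])")


def classify_uses(repo: str, ref: str) -> dict:
    """Describe one `uses: owner/repo@ref` reference."""
    return {
        "repo": repo,
        "ref": ref,
        "pinned": bool(SHA_RE.match(ref)),
        "affected": repo.lower() in AFFECTED_ACTIONS,
    }


def audit_workflow(text: str, name: str = "<workflow>") -> list[dict]:
    """Return findings for one workflow file's contents, in line order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            info = classify_uses(m.group(1), m.group(2))
            if not info["pinned"]:
                kind = "unpinned-affected-action" if info["affected"] else "unpinned-action"
                findings.append({"file": name, "line": lineno, "kind": kind, **info})
        if VERSION_RE.search(line):
            findings.append({"file": name, "line": lineno, "kind": "compromised-binary-version",
                             "repo": None, "ref": COMPROMISED_BINARY,
                             "pinned": False, "affected": True})
    return findings


def audit_tree(root: str) -> list[dict]:
    """Audit every YAML workflow under <root>/.github/workflows."""
    findings = []
    for path in sorted(Path(root).glob(".github/workflows/*.y*ml")):
        findings.extend(audit_workflow(path.read_text(), str(path)))
    return findings


# Constructed sample workflow (not from the article): a mutable tag on an
# affected action, a SHA-pinned reference (placeholder SHA, not a real
# trivy-action commit), an unrelated action on a tag, and a hard-coded
# request for the backdoored binary.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.3
        with:
          version: v0.69.4
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # placeholder
        with:
          scan-type: fs
"""

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    results = audit_tree(root) if root else audit_workflow(SAMPLE_WORKFLOW, "sample.yml")
    for f in results:
        print(f"{f['file']}:{f['line']}: {f['kind']} {f['repo'] or ''}@{f['ref']}")
    # Fail the run on anything worse than a generic unpinned action.
    sys.exit(1 if any(f["kind"] != "unpinned-action" for f in results) else 0)
```

Run it with a repository path to audit real workflows, or without arguments to see the findings for the embedded sample. Generic unpinned actions are reported but do not fail the run; unpinned references to the two affected actions and any mention of the 0.69.4 binary do, since those are the cases where the tag force-push or the backdoored release could have been executed on a runner.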
Affected components:

Component                   Compromised version   Safe version        Impact details
Trivy binary                v0.69.4               v0.69.2 - v0.69.3   Malicious binary published via the automated release pipeline
aquasecurity/trivy-action   Multiple tags         v0.35.0             76 of 77 version tags force-pushed to malicious commits
aquasecurity/setup-trivy    Multiple tags         v0.2.6              All 7 version tags compromised and redirected

Organizations should proactively hunt for the following network and host-based indicators in their firewalls, SIEMs, and GitHub audit logs to identify potential exfiltration or lateral movement.

Indicator type              IOC value                                     Recommended action
Network C2 domain           scan.aquasecurtiy[.]org                       Block at network perimeter; hunt DNS query logs
Network IP address          45.148.10[.]212                               Block at firewall; hunt outbound connections
Secondary C2 tunnel         plug-tab-protective-relay.trycloudflare.com   Search DNS logs for potential lateral movement
GitHub exfiltration repo    tpcp-docs                                     Search GitHub org for unauthorized repository creation
ICP blockchain C2           tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io       Block egress to icp0.io at network perimeter
Compromised binary          trivy v0.69.4                                 Search container registries and CI caches
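The hunt across DNS logs, outbound connection logs and the GitHub audit log can be expressed as a small matcher over the indicators above. The following is an added example written for this page, not tooling from Aqua Security, Sygnia or the Trivy project. It refangs the published indicators, matches DNS queries against the IOC domains (including subdomains, and anything under icp0.io since the article recommends blocking that zone outright), matches outbound destinations against the C2 IP, and flags repo.create events in a GitHub audit log export whose repository name is tpcp-docs. The log line formats and every log line are constructed for the example; the parsers will need to be adapted to whatever your resolver, firewall and audit-log export actually emit.

```python
"""Hunt the article's IOCs across three log sources a CI-runner compromise
would touch: DNS queries, outbound connections, and the GitHub org audit log.

Added example for this article; not Aqua Security's, Sygnia's, or the Trivy
project's tooling. Log formats and log lines are constructed: DNS and
connection logs are whitespace-separated text, the audit log is one JSON
object per line.
"""
from __future__ import annotations

import ipaddress
import json

# Indicators from the article's IOC table, kept defanged as published.
IOC_DOMAINS = {
    "scan.aquasecurtiy[.]org": "primary C2 domain (typosquat of aquasecurity)",
    "plug-tab-protective-relay.trycloudflare.com": "secondary C2 tunnel",
    "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io": "ICP blockchain C2",
}
IOC_IPS = {"45.148.10[.]212": "C2 IP address"}
IOC_REPO_NAMES = {"tpcp-docs": "exfiltration repository"}
# The article recommends blocking egress to icp0.io entirely, so any host
# under that zone is reported, not only the exact canister hostname.
BLOCKED_ZONES = {"icp0.io"}


def refang(ioc: str) -> str:
    return ioc.replace("[.]", ".").lower().rstrip(".")


def domain_matches(qname: str) -> str | None:
    """Return a description if qname equals or sits under an IOC domain or blocked zone."""
    q = qname.lower().rstrip(".")
    for raw, desc in IOC_DOMAINS.items():
        d = refang(raw)
        if q == d or q.endswith("." + d):
            return desc
    for zone in BLOCKED_ZONES:
        if q == zone or q.endswith("." + zone):
            return f"host under blocked zone {zone}"
    return None


def hunt_dns(lines: list[str]) -> list[dict]:
    """DNS query log, constructed format: '<ts> <client_ip> <qname> <qtype>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, qname, _qtype = parts[:4]
        desc = domain_matches(qname)
        if desc:
            hits.append({"source": "dns", "ts": ts, "host": client, "indicator": qname, "why": desc})
    return hits


def hunt_connections(lines: list[str]) -> list[dict]:
    """Outbound connection log, constructed format: '<ts> <src_ip> <dst_ip> <dst_port> <proto>'."""
    bad = {ipaddress.ip_address(refang(ip)): desc for ip, desc in IOC_IPS.items()}
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, src, dst, port = parts[:4]
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if dst_ip in bad:
            hits.append({"source": "conn", "ts": ts, "host": src,
                         "indicator": f"{dst}:{port}", "why": bad[dst_ip]})
    return hits


def hunt_github_audit(lines: list[str]) -> list[dict]:
    """GitHub audit log export, one JSON event per line; flags repo.create of an IOC-named repo."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("action") != "repo.create":
            continue
        name = ev.get("repo", "").rsplit("/", 1)[-1].lower()
        if name in IOC_REPO_NAMES:
            hits.append({"source": "github", "ts": str(ev.get("@timestamp", "")),
                         "host": ev.get("actor", "?"), "indicator": ev["repo"],
                         "why": IOC_REPO_NAMES[name]})
    return hits


# Constructed sample logs (not real telemetry). The legitimate aquasecurity.org
# query is included to show the typosquat is matched and the real domain is not.
SAMPLE_DNS = [
    "2026-03-19T14:02:11Z 10.20.0.15 github.com A",
    "2026-03-19T14:02:13Z 10.20.0.15 scan.aquasecurtiy.org A",
    "2026-03-19T14:02:14Z 10.20.0.15 aquasecurity.org A",
    "2026-03-19T14:05:40Z 10.20.0.22 plug-tab-protective-relay.trycloudflare.com AAAA",
    "2026-03-19T14:06:02Z 10.20.0.22 tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io A",
]
SAMPLE_CONN = [
    "2026-03-19T14:02:15Z 10.20.0.15 140.82.112.3 443 tcp",
    "2026-03-19T14:02:16Z 10.20.0.15 45.148.10.212 443 tcp",
]
SAMPLE_GITHUB = [
    json.dumps({"@timestamp": 1774000000000, "action": "repo.create", "actor": "ci-bot", "repo": "example-org/tpcp-docs"}),
    json.dumps({"@timestamp": 1774000001000, "action": "repo.create", "actor": "dev1", "repo": "example-org/docs"}),
]


def hunt_all() -> list[dict]:
    return hunt_dns(SAMPLE_DNS) + hunt_connections(SAMPLE_CONN) + hunt_github_audit(SAMPLE_GITHUB)


if __name__ == "__main__":
    for h in hunt_all():
        print(f"[{h['source']}] {h['ts']} {h['host']} -> {h['indicator']} ({h['why']})")
```

Each hit carries the source, timestamp and the client or actor that produced it, which is what you need next: the client IP of a hit is a runner whose secrets are exposed and must be rotated, and the actor on a repo.create hit is a credential the attacker holds.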