Trivy
9 mentions across all digests
Trivy is an open-source vulnerability scanner that was compromised in a supply chain attack by the TeamPCP group, part of a broader campaign that also hit LiteLLM, Checkmarx, and the Telnyx Python SDK.
GitHub Actions is the weakest link
GitHub Actions' mutable-dependency model and permissive fork defaults enabled a 2024-2026 supply chain attack wave compromising Ultralytics, nx, Trivy, and 23,000+ dependent repositories.
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
March 2026 supply chain attacks poisoned Trivy and Axios via social engineering, stealing secrets from tens of thousands of organizations' development pipelines and cloud environments, with follow-up exploitation of the stolen credentials planned.
Widely used Trivy scanner compromised in ongoing supply-chain attack
Aqua Security's Trivy vulnerability scanner was compromised via stolen credentials, allowing attackers to push malicious code under 75+ of the project's GitHub Action tags; pipelines that referenced those tags then silently exfiltrated GitHub tokens, cloud credentials, and SSH keys to attacker-controlled servers.
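The two GitHub Actions items above turn on the same mechanism: a `uses:` reference to a tag or branch is re-resolved on every run, so whoever can move the ref controls what executes in your pipeline, while a 40-hex commit SHA cannot be repointed. The audit below is an added example written for this page (not Trivy's, Aqua's, or GitHub's code) that scans workflow text for `uses:` lines and flags every reference that is still mutable. The sample workflow, the version numbers and the SHA embedded in it are constructed for the example.

```python
import re
from dataclasses import dataclass

# A full commit SHA is the only ref GitHub cannot silently repoint.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" whether it opens a step ("- uses:") or
# names a reusable workflow at job level; tolerates quotes and a trailing comment.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)['"]?\s*(#.*)?$""")


@dataclass
class Finding:
    line_no: int
    action: str
    ref: str
    reason: str


def audit_workflow(text: str) -> list[Finding]:
    """Return one Finding per `uses:` reference that a third party could move."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./"):
            continue  # local action: fixed by the commit being built
        if spec.startswith("docker://"):
            if "@sha256:" not in spec:
                findings.append(Finding(line_no, spec, "",
                                        "container image not pinned by @sha256 digest"))
            continue
        if "@" not in spec:
            findings.append(Finding(line_no, spec, "",
                                    "no ref at all: resolves to the default branch"))
            continue
        action, ref = spec.rsplit("@", 1)
        if SHA_RE.match(ref):
            continue  # immutable pin
        if re.match(r"^v?\d", ref):
            reason = "mutable release tag: maintainer or attacker can repoint it"
        else:
            reason = "branch or symbolic ref: every run pulls whatever it points to now"
        findings.append(Finding(line_no, action, ref, reason))
    return findings


# Constructed sample workflow. The SHA is a placeholder, not a real commit,
# and the version numbers are illustrative only.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan image
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: myorg/app:latest
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder SHA)
      - uses: ./.github/actions/notify
      - uses: docker://ghcr.io/example/linter:latest
      - uses: some-org/helper@main
"""


def report(text: str) -> str:
    """Human-readable summary, one line per finding."""
    lines = [f"line {f.line_no}: {f.action}@{f.ref or '<none>'}: {f.reason}"
             for f in audit_workflow(text)]
    return "\n".join(lines) if lines else "all uses: references are pinned"


if __name__ == "__main__":
    print(report(SAMPLE_WORKFLOW))
```

Only the SHA-pinned and local steps pass; the two release tags, the branch ref and the undigested container image are reported. To convert a flagged tag, resolve it once with `git ls-remote https://github.com/<owner>/<repo> refs/tags/<tag>`, pin the SHA, and keep the tag in a trailing comment so an update bot can track it. Pinning moves the trust decision from "whatever the tag points to today" to a review you perform when you bump the SHA, which is exactly the step the retagging attack above bypassed.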
Don't pay Vect a ransom - your data's likely already wiped out
The Vect ransomware gang extorting victims of the Trivy and LiteLLM supply chain compromises is likely destroying data anyway: Check Point Research finds that the 25 victims it has claimed since January recovered little even after paying.
Open source security at Astral
Astral publishes the supply-chain hardening it applies to Ruff and uv (GitHub Actions CI/CD controls, branch protection, and 2FA enforcement) as a defense against package-compromise incidents like those that hit LiteLLM and Trivy.