In r/cybersecurity and r/redteamsec, a Trivy compromise is described as tag poisoning that turned CI runs into credential theft, reinforcing that pulling images by tag without digest pinning creates a large supply chain attack surface.
TeamPCP compromised Aqua security’s Trivy vulnerability scanner on March 19 by force-pushing malicious commits to 76/77 version tags.
Any CI/CD pipeline that ran Trivy that day executed a credential stealer.
Mandiant confirmed 1,000+ SaaS environments hit.
this is exactly why supply chain attacks are so scary if your tools get compromised everything downstream is exposed before anyone even realizes something's wrong
pulling containers by tag is inherently risky
Trivy Supply Chain Attack (TeamPCP) — CI/CD Trust Abuse, Tag Poisoning, and Credential Theft
they got hit because pulling containers by tag is inherently risky, and 76/77 were overwritten with malware on march 19th.
how many teams still blindly trust scanner images without pinning digests or running airgapped checks, and when did we decide tooling integrity was someone else’s problem?
This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new authority voices, debates, and emerging ideas.
← Back to Cyber Security