Search

golem.de › news

Trivy Supply-Chain-Angriff: Wenn der Security-Scanner selbst zum Angriff wird - Golem.de

… Februar hatte ein Angreifer über eine Fehlkonfiguration in Trivys Github-Actions-Umgebung ein sogenanntes Personal Access Token extrahiert, also einen langlebigen Zugriffsschlüssel mit Schreibrechten auf die Trivy-Repositories. …

May 18, 2026 · Eine Analyse von

docker.com › blog

Trivy supply chain compromise: What Docker Hub users should know | Docker

… This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy.

Mar 23, 2026 · Mark Lechner, Chief Security Officer at Docker

docker.com › blog

Trivy, KICS, and the shape of supply chain attacks so far in 2026 | Docker

Trivy, KICS, and the shape of supply chain attacks so far in 2026 | Docker

Apr 23, 2026

en.wikipedia.org › wiki › Trivy

Trivy - Wikipedia

Coordinates : 46°23′14″N 4°29′34″E  /  46.3872°N 4.4928°E  / 46.3872; 4.4928 From Wikipedia, the free encyclopedia Commune in Bourgogne-Franche-Comté, France Trivy Commune The church in Trivy Location of Trivy Trivy Show map of France Trivy Show map of Bourgogne-Franche-Comté Coordinates: 46°23′… …

Feb 24, 2008 · Contributors to Wikimedia projects

theregister.com › security › 2026 › …

LiteLLM infected with credential-stealing code via Trivy

… The software was subverted on March 19, when attackers referred to as TeamPCP used compromised credentials to publish a malicious Trivy release v0.69.4 , and again on March 22, when malicious Trivy versions v0.69.5 and v0.69.6 were published as DockerHub images. …

Mar 24, 2026 · Thomas Claburn

theregister.com › special-features › 2026 › …

1K+ cloud environments infected via Trivy attack

… Socket and Google-owned Wiz researchers over the weekend determined that the attack compromised multiple components of the Trivy project: the core scanner, the trivy-action GitHub Action, and the setup-trivy GitHub Action, and force-pushed 75 out of 76 trivy-action tags to malicious versions, meani… …

Mar 24, 2026 · Jessica Lyons

theregister.com › security › 2026 › …

Mercor says it was 'one of thousands' hit in LiteLLM attack

… Following a report that TeamPCP also breached Cisco's internal development environment and stole source code from credentials swiped via the Trivy attack, Cisco told The Register that it is "aware of the Trivy supply-chain issue that is affecting the industry." MORE CONTEXT 1K+ cloud environments i… …

Apr 2, 2026 · Jessica Lyons

bleepingcomputer.com › news › security

Official CheckMarx Jenkins package compromised with infostealer

… A company spokesperson confirmed to BleepingComputer that the threat actor obtained credentials to the repositories from the Trivy supply-chain attack in March. …

May 11, 2026 · Bill Toulas

theregister.com › security › 2026 › …

Two different attackers poisoned popular open source tools

… Then, just two weeks after Trivy, another supply chain attack hit a different open-source library. …

Apr 11, 2026 · Jessica Lyons

theregister.com › security › 2026 › …

Telnyx package latest hit in PyPI supply-chain compromise

Cyber-crime Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more INFOSEC IN BRIEF The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing mal… …

Mar 30, 2026 · Brandon Vigliarolo