Overview
- Aqua Security confirmed attackers force-pushed 75 of 76 trivy-action tags and seven setup-trivy tags, converting widely used version references into infostealer delivery points.
- A malicious Trivy v0.69.4 release and trojanized artifacts on GitHub and container registries harvested secrets and exfiltrated encrypted data to scan.aquasecurtiy.org, with a GitHub fallback that created a public repository named tpcp-docs.
- Wiz and Socket report the operation reused residual access from last month’s Trivy-related breach after non-atomic token and secret rotation left viable credentials in place.
- Maintainers removed compromised releases and tags as vendors published indicators and mitigations, urging audits, secret rotation, network blocks for 45.148.10.212, and pinning Actions to commit SHAs.
- Safe versions cited by vendors include trivy 0.69.3, trivy-action 0.35.0, and setup-trivy 0.2.6, with no publicly confirmed downstream breaches and attribution unresolved despite the stealer referencing TeamPCP.
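The force-pushed tags in this incident are exactly the failure mode that pinning to commit SHAs addresses: a tag is a mutable pointer, a 40-hex SHA is not. The following checker, added here as an illustration and not code from Aqua, Wiz, Socket or the page, scans GitHub Actions workflow text for `uses:` references to the two affected actions that still rely on a mutable tag; the sample workflow is constructed.

```python
import re

# Constructed sample workflow (not from the original page): mixes mutable tag
# references with one reference pinned to a full commit SHA.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.6
      - uses: aquasecurity/trivy-action@0.35.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # v0.35.0
"""

# Actions whose tags were force-pushed in the incident described above.
WATCHED_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# Matches "uses: owner/repo@ref" lines; stops at whitespace or a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
# A full-length commit SHA cannot be silently retargeted the way a tag can.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(workflow_text, watched=WATCHED_ACTIONS):
    """Return (action, ref) pairs for watched actions not pinned to a commit SHA."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        ref_spec = match.group(1)
        if "@" not in ref_spec:
            continue  # local paths and docker:// images are out of scope here
        action, ref = ref_spec.rsplit("@", 1)
        if action in watched and not SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


if __name__ == "__main__":
    for action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"unpinned: {action}@{ref} (replace tag with a commit SHA)")
```

Run it across every file under `.github/workflows/` in a repository; a SHA-pinned reference with the version noted in a trailing comment, as in the last sample line, keeps readability without trusting the tag.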