Widely used Trivy scanner compromised in ongoing supply-chain attack

Ars Technica
March 20, 2026

Quick Insights

The Bottom Line

The widely used Trivy security scanning tool was compromised in a supply-chain attack affecting vulnerability detection.

How This Affects You

Organizations using Trivy for security scanning may have vulnerabilities go undetected, potentially exposing their systems and user data to attacks.

AI Summary

Hackers compromised virtually all versions of Aqua Security's Trivy vulnerability scanner through a supply-chain attack beginning Thursday, with maintainer Itay Shakury confirming the breach on Friday. The attackers used stolen credentials to force-push malicious dependencies into trivy-action and setup-trivy tags, overriding Git safety mechanisms that normally prevent such overwrites. Trivy, a tool with 33,200 GitHub stars that developers use to detect vulnerabilities and hardcoded secrets in software pipelines, is now suspected of being compromised across those pipelines. The threat actor's altered code could affect any organization using the scanner to vet its own software deployments, potentially exposing multiple development environments downstream.
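Because the attack described above rewrote tags, a workflow that references trivy-action or setup-trivy by tag or branch runs whatever that name currently points to, while a reference to a full 40-character commit SHA cannot be moved. The following check is an added example, not code from the article or from Aqua Security; the `aquasecurity/` owner prefix, the function name and the sample workflow are assumptions, and a SHA pin says nothing about whether the pinned commit itself is clean.

```python
import re

# Actions named in the report. The "aquasecurity/" owner prefix is an assumption.
WATCHED = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")

# Matches "uses: owner/repo@ref" steps, with or without a leading "- " or quotes.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_mutable_refs(workflow_text, watched=WATCHED):
    """Return (line_no, action, ref) for watched actions not pinned to a full SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue  # not a "uses:" step (commented-out steps are skipped too)
        action, _, ref = match.group(1).partition("@")
        # Reduce "owner/repo/sub/path" to "owner/repo" before comparing.
        repo = "/".join(action.split("/")[:2]).lower()
        if repo not in watched:
            continue
        # Tags and branches are movable names; only a full commit SHA is fixed.
        if not FULL_SHA_RE.match(ref.lower()):
            findings.append((line_no, repo, ref or "<none>"))
    return findings


# Constructed sample workflow: the tag, branch and SHA values are placeholders.
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: aquasecurity/setup-trivy@vX.Y.Z
      - name: scan image
        uses: aquasecurity/trivy-action@some-branch
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: actions/checkout@vX
"""

if __name__ == "__main__":
    for line_no, repo, ref in find_mutable_refs(SAMPLE):
        print(f"line {line_no}: {repo} referenced by mutable ref '{ref}'")
```
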
