HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Trivy GitHub Actions Hijacked: 75 Tags Compromised to Steal CI/CD Secrets

A supply‑chain breach of Aqua Security's Trivy GitHub Actions injected malware that harvested CI/CD credentials from pipelines that used the actions. The compromise affected dozens of organizations across cloud‑native and SaaS environments, highlighting the need for strict third‑party action vetting.

LiveThreat™ Intelligence · 📅 March 21, 2026· 📰 thehackernews.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
thehackernews.com

Trivy GitHub Actions Hijacked: 75 Tags Compromised to Steal CI/CD Secrets

What Happened — The open‑source vulnerability scanner Trivy, maintained by Aqua Security, suffered a second supply‑chain compromise within a month. Attackers injected malicious code into the official GitHub Actions aquasecurity/trivy-action and aquasecurity/setup‑trivy, hijacking 75 tags to exfiltrate CI/CD secrets from downstream pipelines.

Why It Matters for TPRM

  • Supply‑chain attacks bypass traditional perimeter defenses, exposing third‑party tooling risks.
  • Stolen CI/CD credentials can lead to broader infrastructure compromise across multiple environments.
  • Continuous‑integration pipelines are a high‑value target for attackers seeking privileged access.

Who Is Affected — Organizations that integrate Trivy actions into their build pipelines, spanning SaaS developers, cloud‑native platforms, fintech services, and any enterprise relying on automated container scanning.

Recommended Actions — Immediately audit all pipelines that reference aquasecurity/trivy-action or aquasecurity/setup‑trivy; rotate any CI/CD secrets that may have been exposed; consider temporary removal of the actions until the repositories are verified clean; implement strict provenance checks for third‑party GitHub Actions.

Technical Notes — Attack vector: supply‑chain compromise of GitHub Actions via tag hijacking (third‑party dependency). No public CVE; the malicious payload harvested environment variables containing tokens, API keys, and other secrets. Data types exfiltrated: CI/CD service accounts, Docker registry credentials, cloud provider keys. Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

Point-in-time vendor reviews miss incidents like this.

Verisq AI Trust Operations replaces the annual questionnaire with continuous third-party monitoring — so vendor exposure becomes audit evidence, not a once-a-year guess.

See how Verisq AI Trust Operations works →