Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Zerowl

March 20, 2026

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Aqua Security's Trivy, a well-known open-source vulnerability scanner, was hacked for the second time in a month to deliver malware that stole sensitive CI/CD secrets This article explores actions aquasecurity trivy. . The most recent incident affected GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy."

The first is used to scan Docker container images for security holes, and the second is used to set up a GitHub Actions workflow with a specific version of the scanner. Philipp Burckhardt, a Socket security researcher, said, "We found that an attacker force-pushed 75 out of 76 version tags in the aquasecurity/trivy-action repository, which is the official GitHub Action for running Trivy vulnerability scans in CI/CD pipelines."

"These tags were changed to carry a harmful payload, which turned trusted version references into a way for an infostealer to spread." The payload runs inside GitHub Actions runners and tries to steal valuable developer secrets from CI/CD environments, like SSH keys, cloud service provider credentials, databases, Git, Docker configurations, Kubernetes tokens, and cryptocurrency wallets. This incident is the second supply chain issue that Trivy has been involved in.

If the exfiltration attempt fails, the victim's own GitHub account is used to stage the stolen data in a public repository called "tpcp-docs." This is done by using the captured INPUT_GITHUB_PAT, which is an environment variable that GitHub Actions use to send a GitHub PAT to the GitHub API for authentication.

We don't know who is behind the attack right now, but there are signs that a group called TeamPCP may be responsible. The credential harvester calls itself "TeamPCP Cloud stealer" in the source code, which is what this assessment is based on. The group is also known as DeadCatx3, PCPcat, PersyPCP, ShellForce, and CipherForce.

They are known for being a cloud-native cybercrime platform that can break into modern cloud infrastructure to steal data and extort money. "The credential targets in this payload fit with the group's overall profile for cloud-native theft and monetization," Socket said.

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trending News

Coruna, DarkSword, and Democratizing Nation-State Exploit Kits

Coruna, DarkSword, and Democratizing Nation-State Exploit Kits

Apple Sends Lock Screen Alerts to Old iPhones About Active Web-Based Exploits

Apple Sends Lock Screen Alerts to Old iPhones About Active Web-Based Exploits

Wartime Usage of Compromised IP Cameras Highlight Their Danger

Wartime Usage of Compromised IP Cameras Highlight Their Danger

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Hackers use phishing ZIP files to send PXA Stealer to steal money from banks and other financial institutions.

Hackers use phishing ZIP files to send PXA Stealer to steal money from banks and other financial institutions.

China improves the backdoor it uses to spy on telecom companies around the world.

China improves the backdoor it uses to spy on telecom companies around the world.

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Attacks on infrastructure that have physical effects are down 25%.

Attacks on infrastructure that have physical effects are down 25%.

How mistakes can help businesses improve their security programs

How mistakes can help businesses improve their security programs