Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.

Socket and Wiz confirm widespread credential theft and worm‑like propagation, with cached malicious Trivy artifacts still circulating across mirror infrastructure despite takedowns. What started as a ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to ...

The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...

TeamPCP hackers tell Forbes that AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ security hadn’t been so weak in the first place. TeamPCP hackers ...

How can enterprise devops teams improve the resiliency of their mission-critical apps, integrations, and data pipelines? Look ...

CERT-EU has attributed a major data breach at the European Commission to cybercrime group TeamPCP, which exploited a supply chain attack on the open-source security tool Trivy to steal 92 GB of ...

Aqua Security is scrambling to recover from supply chain attacks that first compromised the vendor's Trivy vulnerability scanner, and which have now seen threat actor TeamPCP breach its internal ...