How did the Trivy supply-chain attack steal credentials? #tech

A supply-chain attack leveraging malicious packages associated with Trivy, an open-source vulnerability scanner, exploited credentials from secrets managers to exfiltrate sensitive data. The attack specifically targeted systems relying on Trivy's integrations, enabling unauthorized access to corporate secrets. Affected organizations include those using Trivy for CI/CD pipelines or container security workflows, with the potential for widespread credential theft and lateral movement within networks.

What the Trivy supply chain attack did

Researchers describe a supply chain incident in which malicious packages associated with Trivy were used to harvest credentials from secrets managers.

How it mattered

Secrets managers are typically the system of record f…