
The incident did not affect Aqua’s commercial products, but it demonstrates how attackers can weaponize trusted development workflows to steal sensitive data silently.
Attack Overview
The threat actors did not distribute a separate malicious binary. Instead, they leveraged stolen GitHub credentials to manipulate existing repositories, specifically aquasecurity/trivy-action and setup-trivy.
By force-pushing malicious commits to existing version tags, they ensured that automated pipelines unknowingly pulled compromised code.
This technique proved highly effective because many organizations rely on version tags (such as v0.x) rather than immutable commit hashes in their CI/CD workflows.
As a result, pipelines automatically downloaded the altered code without triggering suspicion.
The injected payload executed before Trivy’s legitimate scanning process began. This allowed workflows to complete successfully, masking the attack while enabling silent data exfiltration.
The malware specifically targeted high-value secrets, including:
- Cloud credentials (AWS, GCP, Azure)
- API tokens and access keys
- SSH private keys
- Kubernetes service account tokens
- Docker configuration files
Because CI/CD pipelines often have broad access to infrastructure, this level of access could enable lateral movement, privilege escalation, and full environment compromise.
Timeline and Persistence
The initial compromise occurred in late February 2026. Aqua determined that incomplete credential rotation on March 1 allowed the attackers to retain access.
Additional suspicious activity on March 22 suggests attempts to reestablish persistence, indicating a multi-stage operation.
Aqua has since revoked all compromised credentials, removed malicious artifacts, and transitioned away from long-lived tokens.
The company also engaged incident response firm Sygnia to support forensic investigation and containment.
Aqua confirmed that its commercial platform was not affected due to strict architectural separation. Unlike the open-source pipeline, the commercial build system:
- Operates outside GitHub
- Uses isolated infrastructure and dedicated pipelines
- Enforces strict access controls
- Requires gated security reviews
This separation prevented the malicious code from reaching enterprise customers.
Mitigation and Remediation
Organizations using Trivy in automated workflows should act immediately:
- Upgrade the Trivy binary to version 0.69.2 or 0.69.3
- Use safe GitHub Action versions: trivy-action v0.35.0 or setup-trivy v0.2.6
- Rotate all secrets if version 0.69.4 was executed in any pipeline
Security teams should assume credential exposure if affected versions were used.
Defenders should monitor and block the following indicators:
- Domain: scan.aquasecurtiy[.]org
- IP Address: 45.148.10.212
- Secondary C2: plug-tab-protective-relay.trycloudflare.com
- GitHub repo: unauthorized creation of tpcp-docs
- ICP-based C2: tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io
These indicators suggest active data exfiltration or attacker persistence.
This incident highlights a critical weakness in software supply chains: reliance on mutable version tags. Attackers exploited this trust model without introducing new files or obvious indicators.
A simple defensive improvement, pinning dependencies to immutable commit SHA hashes, could have prevented the attack entirely.
For example, referencing a specific commit ensures that even if a tag is altered, pipelines will not execute unauthorized code.
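One way to check workflows for the mutable references described above is the following audit script. It is an added example, not code from Aqua or the original article; the function name, the sample workflow and the 40-character SHA in it are constructed for illustration.

```python
import re

# `uses: owner/repo[/path]@ref` on a step or reusable-workflow job line.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
# Repositories named in this article; matched on repository name only.
WATCHED_REPOS = {"trivy-action", "setup-trivy"}

def audit_workflow(text):
    """Return (line_no, reference, reason, watched) for each mutable reference."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue  # not a `uses:` line (commented-out lines do not match)
        ref = match.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are not covered here
        action, _, version = ref.partition("@")
        if FULL_SHA_RE.fullmatch(version):
            continue  # pinned to an immutable commit
        if not version:
            reason = "no ref given"
        elif re.fullmatch(r"[0-9a-f]{7,39}", version):
            reason = "abbreviated SHA, not a full 40-character commit"
        else:
            reason = "tag or branch, can be moved by a force-push"
        parts = action.split("/")
        watched = len(parts) > 1 and parts[1] in WATCHED_REPOS
        findings.append((line_no, ref, reason, watched))
    return findings

# Constructed sample workflow; the 40-character SHA is a made-up placeholder.
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: aquasecurity/setup-trivy@v0.2.6
      - name: Scan image
        uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for line_no, ref, reason, watched in audit_workflow(SAMPLE):
        flag = " [named in this article]" if watched else ""
        print(f"line {line_no}: {ref}: {reason}{flag}")
```

Note that a reference to a known-good tag such as v0.2.6 is still reported, because the tag itself remains movable; only the full commit SHA is immutable.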
As CI/CD pipelines increasingly become high-value targets, organizations must treat them as sensitive infrastructure, applying strict access control, monitoring, and dependency integrity validation.
The post Aqua Security’s Trivy Scanner Hit by Supply Chain Attack appeared first on Cyber Security News.
