Executive Summary
In March 2026, Aqua Security's Trivy vulnerability scanner was compromised in a sophisticated supply chain attack orchestrated by the threat actor group TeamPCP. The attackers exploited previously stolen credentials to inject credential-stealing malware into Trivy's official releases and GitHub Actions, affecting versions 0.69.4, 0.69.5, and 0.69.6. This malicious code exfiltrated sensitive information, including cloud credentials and SSH keys, from CI/CD pipelines to attacker-controlled servers. The incident underscores the critical need for robust security measures in software supply chains to prevent such breaches. (arstechnica.com)
This attack highlights a growing trend of targeting trusted security tools to infiltrate development environments, emphasizing the importance of continuous monitoring and stringent access controls in CI/CD pipelines. Organizations must remain vigilant against evolving supply chain threats to safeguard their software development processes.
Why This Matters Now
The Trivy supply chain attack exemplifies the escalating threat of compromising trusted security tools to infiltrate development environments. Organizations must urgently enhance their CI/CD pipeline security to prevent similar breaches.
Attack Path Analysis
Attackers exploited residual access from a prior incident to inject credential-stealing malware into Trivy's GitHub repositories and Docker images. They escalated privileges by force-pushing malicious commits to existing version tags, redirecting trusted references to compromised code. The malware executed within CI/CD pipelines, harvesting sensitive credentials and secrets. Exfiltrated data was transmitted to attacker-controlled domains via HTTP POST requests. The compromise led to unauthorized access to sensitive information, potentially facilitating further attacks.
Kill Chain Progression
Initial Compromise
Description
Attackers exploited residual access from a prior incident to inject credential-stealing malware into Trivy's GitHub repositories and Docker images.
Related CVEs
CVE-2026-33634
CVSS 8.8
A supply chain compromise in Aqua Security's Trivy scanner allowed attackers to inject credential-stealing malware into official releases and GitHub Actions, leading to potential unauthorized access to sensitive information.
Affected Products:
Aqua Security Trivy – 0.69.4
Aqua Security trivy-action – 0.0.1 – 0.34.2
Aqua Security setup-trivy – 0.2.0 – 0.2.6
Exploit Status:
exploited in the wild
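Because the attack path above relied on force-pushing existing version tags, a workflow that references the Trivy actions by tag runs whatever commit that tag currently points at. The following added example (not from the original page or from Aqua Security) audits workflow text for `uses:` references to the two actions listed under Affected Products, reporting tags inside the listed ranges and any reference not pinned to a full commit SHA. The sample workflow, the `0.35.0` tag, the SHA and the function names are constructed for illustration.

```python
import re

# Affected ranges as listed on this page (inclusive bounds).
AFFECTED = {
    "aquasecurity/trivy-action": ((0, 0, 1), (0, 34, 2)),
    "aquasecurity/setup-trivy": ((0, 2, 0), (0, 2, 6)),
}
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)")
SHA_RE = re.compile(r"[0-9a-f]{40}")
VER_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

# Constructed sample workflow; the refs below are illustrative, not taken from the page.
SAMPLE = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.4
      - uses: aquasecurity/trivy-action@0.35.0
      - uses: aquasecurity/trivy-action@master
      - name: pinned
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # constructed SHA
"""

def classify(ref):
    """Return 'sha' for a full commit SHA, a version tuple for x.y.z tags, else None."""
    if SHA_RE.fullmatch(ref):
        return "sha"
    m = VER_RE.fullmatch(ref)
    return tuple(int(x) for x in m.groups()) if m else None

def audit_workflow(text):
    """Return (line_no, action, ref, finding) for each Trivy action reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).lower() not in AFFECTED:
            continue
        action, ref = m.group(1).lower(), m.group(2)
        kind = classify(ref)
        if kind == "sha":
            finding = "pinned-sha"    # immutable ref; still compare it to a known-good commit
        elif kind is None:
            finding = "mutable-ref"   # branch or partial tag: can be moved by a force-push
        else:
            lo, hi = AFFECTED[action]
            finding = "affected-tag" if lo <= kind <= hi else "mutable-tag"
        findings.append((no, action, ref, finding))
    return findings
```

A `mutable-tag` result is outside the ranges listed on this page but can still be redirected by a force-push, which is the mechanism the attack path describes; only `pinned-sha` references are immune to tag movement.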
MITRE ATT&CK® Techniques
Compromise Software Supply Chain
Valid Accounts
Unsecured Credentials
Data from Local System
Exfiltration Over C2 Channel
Application Layer Protocol
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Data Security
Control ID: Pillar 3: Data
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Critical exposure through CI/CD pipelines using the compromised Trivy scanner; GitHub Actions poisoning enables credential theft and supply chain infiltration.
Information Technology/IT
Widespread vulnerability via infected vulnerability scanners in DevSecOps workflows, enabling lateral movement through compromised cloud credentials and Kubernetes secrets.
Computer/Network Security
Ironic compromise of security tooling erodes trust, with malicious Trivy versions bypassing detection while harvesting AWS, GCP, and Azure credentials.
Financial Services
High-value target for credential harvesting attacks through compromised CI/CD pipelines, with strict compliance requirements making supply chain integrity critical.
Sources
- Guidance for detecting, investigating, and defending against the Trivy supply chain compromise: https://www.microsoft.com/en-us/security/blog/2026/03/24/detecting-investigating-defending-against-trivy-supply-chain-compromise/ (Verified)
- Widely used Trivy scanner compromised in ongoing supply-chain attack: https://arstechnica.com/security/2026/03/widely-used-trivy-scanner-compromised-in-ongoing-supply-chain-attack/ (Verified)
- Trivy supply chain compromise: What Docker Hub users should know: https://www.docker.com/blog/trivy-supply-chain-compromise-what-docker-hub-users-should-know/ (Verified)
- Ongoing 'TeamPCP' Supply-Chain Campaign: https://www.csa.gov.sg/alerts-and-advisories/advisories/ad-2026-001/ (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to exploit residual access, escalate privileges, and exfiltrate sensitive data by enforcing strict segmentation and identity-aware controls.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit residual access to inject malware into repositories would likely have been constrained.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges by force-pushing malicious commits would likely have been constrained.
Control: East-West Traffic Security
Mitigation: The attacker's ability to move laterally within CI/CD pipelines to harvest sensitive credentials would likely have been constrained.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels to exfiltrate data would likely have been constrained.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate harvested credentials to external domains would likely have been constrained.
The attacker's ability to access and exploit sensitive information would likely have been constrained.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD) Pipelines
- Security Operations
Estimated downtime: 7 days
Estimated loss: $500,000
Potential exposure of CI/CD secrets, cloud credentials, SSH keys, and Docker configurations.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least privilege access and prevent unauthorized lateral movement.
- Utilize Egress Security & Policy Enforcement to monitor and control outbound traffic, detecting and blocking unauthorized data exfiltration.
- Deploy Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious activities within CI/CD pipelines.
- Ensure Multicloud Visibility & Control to maintain comprehensive oversight across all cloud environments, detecting anomalous interactions.
- Regularly audit and rotate credentials, and enforce strong identity controls to minimize the risk of credential compromise.



