trivy-second-compromise
Trivy v0.69.4 Release and Action Compromise
After incomplete containment of the February Trivy takeover, compromised credentials were used to publish malicious Trivy v0.69.4 artifacts, force-push most trivy-action version tags, and replace setup-trivy tags with credential-stealing commits. The payloads read GitHub Actions runner memory and process environments, collected developer and cloud secrets, encrypted the data, and exfiltrated it to the typosquatted domain scan.aquasecurtiy.org or, as a fallback, to public tpcp-docs repositories. Compromised Docker Hub images followed on March 22. Aqua deleted the affected tags, released fixed action versions, and published GHSA-69fq-xp46-6x23 / CVE-2026-33634.
- Date
- 2026-03-19 to 2026-03-23
- Category
- Open Source
- Target Surface
- Revision control
- Insertion Phase
- CI/CD
- Impact
- Credential theft
- Cause
- Compromised Account/Credentials
What Was Affected
Package
trivy-second-compromise
Language
Go
Component
Application
Artifact type
release binary/container image/action
Domain type
repository/container registry
Domain
github.com, docker.io
Repository
github.com/aquasecurity/trivy
Compromised Versions
- trivy==0.69.4
- aquasec/trivy:0.69.4
- aquasec/trivy:0.69.5
- aquasec/trivy:0.69.6
- aquasecurity/trivy-action@<0.35.0
- aquasecurity/setup-trivy@<0.2.6
- safe: trivy==0.69.3
- safe: aquasecurity/trivy-action@0.35.0
- safe: aquasecurity/setup-trivy@0.2.6
Incident Context
- Motive
- Credential Theft
- Attribution
- Advanced Persistent Threat
- Transitive
- Yes
- User Impact
- 0
- Observed Duration
- 4 days
Evidence
Compromised Artifacts
Indicators and Changes
Hashes
- sha256:c5b16c42dbd2a1494141cd651a406ec9094d5031a421c0aa624c4d139ae81239
- sha256:cff74e3e9ac0cda2078d31800d8fcad832d7b52c9920b085054d1e96dacff8a3
- sha256:55047c55a5ceab6d80b13884b4a4e8cd27a0bab7a218a952a00aae9e05f16f80
- sha256:ba04ba6a0c028cde17599c8ddaefdb854055c5a23c595e06630732002ea59a76
- sha256:90d61cf37355b89fae9ff84867100e1721c1876007ef1771e465ce5a721141ad
- sha256:1dc871b02cd7a1fd80babb1b8762a2fd9cc2b735d4d3759d012626de3ccc7a5b
- sha256:0376b98064636c30f5fbe60fb3b1225516e23e88dd7e909937f81d9265292e7d
- sha256:822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0
- sha256:e64e152afe2c722d750f10259626f357cdea40420c5eedae37969fbf13abbecf
- sha256:d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c
- sha256:ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c
- sha256:27f446230c60bbf0b70e008db798bd4f33b7826f9f76f756606f5417100beef3
- sha256:12c702212dee1cbec9471e9261501a3335963321fe76e60e5a715b5acd3c40a2
- sha256:2d7cee41048988eec27615412e7c6e2e21046f2b5faa888c24e11ca6764058ed
- sha256:ae3494bd6ae860d7727116681bd09fc7b20dc994ec7a8105738f0a623ea93427
- sha256:43f46547efd488e56dcf862ed4d7cc342730a803f8d5bec5cac443028fefabef
- sha256:cc464a3961e1dbe145c75343b55c2f446e08b821782ec993728c4222b0d85589
- sha256:5aaa1d7cfa9ca4649d6ffad165435c519dc836fa6e21b729a2174ad10b057d2b
- sha256:95ff680103570179feb0c6667a9b9b2d98c53fa5a9a451265036810390bbe70a
- sha256:4f7a06bb51714713ab308d2f8125f3b09ee1c3ffbba1a5ffd0cc80da95fbb6cc
- sha256:edef8e5816eced552a909b878ff262c0c47776d3297bcc23796ad4cce1e85414
- sha256:425cd3e1a2846ac73944e891250377d2b03653e6f028833e30fc00c1abbc6d33
- sha256:dd8beb3b40df080b3fd7f9a0f5a1b02f3692f65c68980f46da8328ce8bb788ef
- sha256:4b22cedea58780ff76735c3e08b9ee8cb5d06c908ffa868152f11d45349eb696
- sha256:5e5fb53cf4ce5555171ff5206302ba2f4f66f5381bbf673c354c87a925473f07
Commits
External References
- stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release
- stepsecurity.io/blog/canisterworm-how-a-self-propagating-npm-worm-is-spreading-backdoors-across-the-ecosystem
- github.com/advisories/GHSA-69fq-xp46-6x23
- github.com/aquasecurity/trivy/discussions/10425
- socket.dev/blog/trivy-docker-images-compromised
- blog.dreamfactory.com/five-supply-chain-attacks-in-twelve-days-how-march-2026-broke-open-source-trust-and-what-comes-next
Source Data
Source record: oss/trivy/meta.yaml