Aqua Security Trivy had another supply chain compromise, I don’t know if they’ve disclosed yet. https://github.com/aquasecurity/trivy/discussions/10420
Why did this discussion about the Trivy incident get removed/closed · aquasecurity trivy · Discussion #10420

https://github.com/aquasecurity/trivy/discussions/10265 Why did this get removed when active discussion on a new (maybe related) incident was happening?

Trivy Security incident 2026-03-19 · aquasecurity trivy · Discussion #10425

UPDATES: Additional images 0.69.5, 0.69.6 were pushed to aqusec/trivy on DockerHub. See the updated tables for details. At the moment, updates to our databases (vuln-list*, trivy-db and trivy-java...

OpenSourceMalware.com - Community Threat Intelligence

Security professionals sharing intelligence on malicious packages, repositories, and CDNs to protect the open source ecosystem.

@GossiTheDog so many slop comments
@GossiTheDog LiteLLM has a similar supply chain incident. Could be the same group. https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
Supply Chain Attack in litellm 1.82.8 on PyPI

litellm version 1.82.8 on PyPI contains a malicious .pth file that harvests SSH keys, cloud credentials, and secrets on every Python startup, then attempts lateral movement across Kubernetes clusters.

@Sandfish6811 @GossiTheDog It's the same group, the compromise happened through Trivy