Trivy supply chain compromise:
- 75 GitHub Action tags hijacked
- Infostealer deployed in CI/CD
- Secrets exfiltrated (SSH, cloud, K8s, wallets)
- Root cause: credential compromise
Lesson: Never trust tags. Pin SHAs.

Source: https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html

Follow @technadu
#InfoSec #DevSecOps #SupplyChain