From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

CrowdStrike discusses how this activity was discovered, how the attack works, what the payload does, and how to defend.