DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised

Quality: 8/10 Relevance: 9/10

Summary

This StepSecurity article reports a second Trivy compromise in March 2026, involving a malicious v0.69.4 release and compromised GitHub Actions (aquasecurity/setup-trivy and aquasecurity/trivy-action). It documents IOCs, the attacker’s typosquat C2 domain, incident response actions (tag deletions, Homebrew downgrade), Harden-Runner detections, and provides recovery steps and remediation guidance for affected workflows.

🚀 Service construit par Johan Denoyer