Tag poisoning in Trivy GitHub Actions repositories delivers cloud-native infostealer payload
Summary
Attackers compromised two official Trivy GitHub Actions repositories, aquasecurity/trivy-action and aquasecurity/setup-trivy, by force-pushing 75 of 76 version tags in the former and seven tags in the latter to commits containing a Python-based infostealer. The payload runs inside CI/CD runners and harvests developer secrets, including SSH keys, cloud provider credentials, Kubernetes tokens, and cryptocurrency wallet keys. The incident follows a prior Trivy supply-chain compromise in February–March 2026 and shows that compromised credentials alone are enough to poison tag references: no Git or GitHub vulnerability was needed, only push rights to the repositories.
Timeline
- 20.03.2026 19:47 (1 article)
  Tag poisoning in Trivy GitHub Actions repositories delivers cloud-native infostealer payload
  Attackers force-pushed 75 version tags in aquasecurity/trivy-action and seven tags in aquasecurity/setup-trivy to malicious commits hosting a Python-based infostealer. The payload executes in GitHub Actions runners to harvest and exfiltrate CI/CD secrets, including cloud provider credentials, Kubernetes tokens, and cryptocurrency wallet keys. The compromise stemmed from reused, compromised credentials that allowed tag rewriting without Git-level exploitation. Safe releases are now available, and mitigation includes pinning Actions to full commit SHAs, blocking the exfiltration endpoint, and rotating all affected secrets.
  Sources:
  - Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets — thehackernews.com — 20.03.2026 19:47
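The mitigation named in the timeline, pinning Actions to a full commit SHA, is only as good as the audit that finds the unpinned references. The script below is an added example written for this page (it is not code from Aqua Security, the Trivy project or the cited article): it scans workflow text for `uses:` lines whose ref is a tag or branch rather than a 40-hex SHA, and rewrites the ones for which a trusted SHA has been recorded. The workflow text and the SHA values are constructed placeholders, not real commits.

```python
"""Audit GitHub Actions workflows for third-party actions referenced by a mutable
tag or branch instead of a full 40-hex commit SHA, and pin the ones we have a
trusted SHA for.

Added example for this page: not code from Aqua Security, the Trivy project or
the cited article. SAMPLE_WORKFLOW and PLACEHOLDER_SHAS are constructed; the SHAs
are placeholders, not real commits.
"""
import re
from typing import Dict, List, Tuple

# `uses: owner/repo[/path]@ref` with an optional trailing `# comment`.
# Local actions (./path) and docker:// images do not match and are skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(\S+)(?:\s*#\s*(\S+))?"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed workflow, not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/setup-trivy@v0.2.0
      - uses: ./.github/actions/local-step
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567 # v4.6.0
"""

# Placeholder SHAs (constructed). In practice record these from a release you
# trust, and only then: a SHA copied while the tag already pointed at the
# malicious commit pins the malware.
PLACEHOLDER_SHAS: Dict[str, str] = {
    "aquasecurity/trivy-action@0.28.0": "deadbeef" * 5,
    "aquasecurity/setup-trivy@v0.2.0": "cafebabe" * 5,
}


def audit_workflow(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, action, ref, status) for every third-party `uses:`.
    status is "pinned" for a full commit SHA and "mutable" for anything else
    (tag, branch, abbreviated SHA): only a full SHA names exactly one commit
    that the upstream cannot re-point."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            action, ref, _comment = m.groups()
            status = "pinned" if FULL_SHA_RE.match(ref) else "mutable"
            findings.append((no, action, ref, status))
    return findings


def mutable_actions(text: str) -> List[str]:
    """Just the `owner/repo@ref` strings that are not pinned to a full SHA."""
    return [f"{a}@{r}" for _, a, r, s in audit_workflow(text) if s == "mutable"]


def pin_mutable_refs(text: str, known_shas: Dict[str, str]) -> str:
    """Rewrite each mutable ref to the SHA recorded for it in known_shas, keeping
    the original tag as a trailing comment so the version stays readable.
    Refs without a recorded SHA are left untouched so the caller can fail on them."""
    out = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m and not FULL_SHA_RE.match(m.group(2)):
            sha = known_shas.get(f"{m.group(1)}@{m.group(2)}")
            if sha:
                line = f"{line[:m.start(2)]}{sha}  # {m.group(2)}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for no, action, ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {no:>3}: {status:8} {action}@{ref}")
    print(pin_mutable_refs(SAMPLE_WORKFLOW, PLACEHOLDER_SHAS))
```

Run it over every file under `.github/workflows/` and fail CI on any `mutable` finding. The SHA you pin must come from a release you have verified (the safe releases mentioned above, or a commit you reviewed yourself); pinning freezes whatever the tag pointed at when you recorded it, so a SHA taken while a tag was already poisoned freezes the payload.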
Information Snippets
- Attackers force-pushed 75 of 76 version tags in the aquasecurity/trivy-action repository and seven tags in aquasecurity/setup-trivy, redirecting them to commits containing a Python infostealer payload.
  First reported: 20.03.2026 19:47 (1 source, 1 article)
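Seventy-five of 76 tags changing their target at once is exactly the signal a scheduled snapshot of the upstream tags would have caught. As an added example for this page (not code from Aqua Security, the Trivy project or the cited article), the script below diffs a stored `git ls-remote --tags` snapshot against a fresh one and reports every tag whose commit changed, taking care with annotated tags, which ls-remote lists twice (the tag object and the peeled `^{}` commit). Both snapshots are constructed with placeholder SHAs and are not the real repositories' tag lists.

```python
"""Detect re-pointed (force-pushed) tags by diffing a stored `git ls-remote --tags`
snapshot against a fresh one.

Added example for this page: not code from Aqua Security, the Trivy project or
the cited article. BASELINE_LS_REMOTE and CURRENT_LS_REMOTE are constructed
snapshots with placeholder SHAs, not the real repositories' tags.
"""
from typing import Dict, List

TAG_PREFIX = "refs/tags/"

# Placeholder object IDs (constructed).
A, B, C, D, E, F = ("a" * 40, "b" * 40, "c" * 40, "d" * 40, "e" * 40, "f" * 40)

# Snapshot taken at a time the tags were trusted.
BASELINE_LS_REMOTE = "\n".join([
    A + "\trefs/tags/0.1.0",      # lightweight tag on commit A
    B + "\trefs/tags/0.2.0",      # annotated tag object B ...
    C + "\trefs/tags/0.2.0^{}",   # ... which peels to commit C
]) + "\n"

# Snapshot taken later.
CURRENT_LS_REMOTE = "\n".join([
    F + "\trefs/tags/0.1.0",      # re-created as an annotated tag ...
    A + "\trefs/tags/0.1.0^{}",   # ... still peeling to commit A: not moved
    D + "\trefs/tags/0.2.0",      # now a lightweight tag on a different commit: moved
    E + "\trefs/tags/0.3.0",      # new tag
]) + "\n"


def parse_ls_remote(output: str) -> Dict[str, str]:
    """Map tag name -> commit SHA. Annotated tags are listed twice, as
    refs/tags/X (the tag object) and refs/tags/X^{} (the peeled commit); the
    peeled line wins because that is what a workflow actually checks out."""
    tags: Dict[str, str] = {}
    peeled = set()
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split(None, 1)
        ref = ref.strip()
        if not ref.startswith(TAG_PREFIX):
            continue
        name = ref[len(TAG_PREFIX):]
        if name.endswith("^{}"):
            name = name[:-3]
            tags[name] = sha
            peeled.add(name)
        elif name not in peeled:
            tags[name] = sha
    return tags


def diff_tags(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, list]:
    """Split the two snapshots into moved, removed and added tags."""
    moved = [(t, baseline[t], current[t]) for t in sorted(baseline)
             if t in current and current[t] != baseline[t]]
    removed = [(t, baseline[t]) for t in sorted(baseline) if t not in current]
    added = [(t, current[t]) for t in sorted(current) if t not in baseline]
    return {"moved": moved, "removed": removed, "added": added}


def tag_alerts(baseline_output: str, current_output: str) -> List[str]:
    """Human-readable alerts. A MOVED on an existing release tag is the event
    this incident produced (75 of 76 tags at once) and is worth paging on."""
    d = diff_tags(parse_ls_remote(baseline_output), parse_ls_remote(current_output))
    alerts = [f"MOVED {t}: {old[:12]} -> {new[:12]}" for t, old, new in d["moved"]]
    alerts += [f"REMOVED {t}" for t, _ in d["removed"]]
    alerts += [f"NEW {t}" for t, _ in d["added"]]
    return alerts


if __name__ == "__main__":
    for alert in tag_alerts(BASELINE_LS_REMOTE, CURRENT_LS_REMOTE):
        print(alert)
```

Take the baseline with `git ls-remote --tags <repository URL>` from a point you trust (for example right after verifying a clean release), store it, and re-run the comparison on a schedule. Release tags are not supposed to move, so any MOVED line on one deserves a look; NEW lines are normal and only need attention if you consume that tag. This complements SHA pinning rather than replacing it: pinning protects the workflows you control, the snapshot diff tells you when an upstream you depend on has been tampered with.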
- The infostealer executes within GitHub Actions runners to extract CI/CD secrets such as SSH keys, cloud provider credentials, Kubernetes tokens, and cryptocurrency wallet keys from environment variables and files.
  First reported: 20.03.2026 19:47 (1 source, 1 article)
- The malicious payload operates in three stages: harvesting secrets, encrypting them, and exfiltrating via HTTP POST to scan.aquasecurtiy[.]org; if exfiltration fails, it abuses a captured GitHub PAT to push stolen data to a public repository named "tpcp-docs".
  First reported: 20.03.2026 19:47 (1 source, 1 article)
- The attack leverages previously compromised credentials with sufficient privileges to push code and rewrite tags, indicating a credential compromise carried over from a February–March 2026 incident involving the hackerbot-claw bot.
  First reported: 20.03.2026 19:47 (1 source, 1 article)
- Security vendor Aqua Security acknowledged incomplete containment of the earlier incident and now enforces stricter access controls, including locking down automated actions and tokens.
  First reported: 20.03.2026 19:47 (1 source, 1 article)
- Researchers note self-identification strings in the payload ("TeamPCP Cloud stealer") and technical overlaps with known TeamPCP tooling; attribution to this actor is assessed as plausible but not confirmed.
  First reported: 20.03.2026 19:47 (1 source, 1 article)