Trivy environment credentials leak
Data Leak
Summary
Hide ▲
Show ▼
The Trivy environment credentials leak exposed stolen authentication secrets and helped enable a later compromise, raising the risk of follow-on abuse. The credentials came from an earlier March 2026 breach and were not fully contained. The exposure mattered because attacker-held secrets can be reused against release, workflow, and cloud access paths.
Related Happenings
Shai-Hulud public GitHub repository credential exposure
Data Leak
First: 18.05.2026 20:28
Last: 18.05.2026 20:28
Sources 1
About this happening:
**Shai-Hulud** stole **developer credentials** that were later exposed in **public GitHub repositories**, turning a theft phase into a public leak of access data. The exposed mate...
Shai-Hulud public GitHub repository credential exposure
Data LeakAbout this happening: **Shai-Hulud** stole **developer credentials** that were later exposed in **public GitHub repositories**, turning a theft phase into a public leak of access data. The exposed mate...
TanStack hit by network compromise
Incident
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
**TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
TanStack hit by network compromise
IncidentAbout this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
Latest development: 21.05.2026 11:00
On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.
Checkmarx hit by network compromise
Incident
First: 27.04.2026 17:19
Last: 27.04.2026 17:19
Sources 1
About this happening:
**Checkmarx** disclosed a **breach** tied to the **March 23, 2026 Trivy supply-chain attack**, and the compromise matters because attackers used it to tamper with **GitHub Actions...
Checkmarx hit by network compromise
IncidentAbout this happening: **Checkmarx** disclosed a **breach** tied to the **March 23, 2026 Trivy supply-chain attack**, and the compromise matters because attackers used it to tamper with **GitHub Actions...
Bitwarden hit by network compromise
Incident
First: 23.04.2026 22:21
Last: 23.04.2026 22:21
Sources 1
About this happening:
**Bitwarden**'s **@bitwarden/cli** distribution channel was compromised when a malicious package briefly appeared on **npm**, putting developers who installed it at risk of **cred...
Bitwarden hit by network compromise
IncidentAbout this happening: **Bitwarden**'s **@bitwarden/cli** distribution channel was compromised when a malicious package briefly appeared on **npm**, putting developers who installed it at risk of **cred...
Developer environments using KICS data exposed after Checkmarx breach
Data Leak
First: 23.04.2026 19:05
Last: 23.04.2026 19:05
Sources 1
About this happening:
The compromised **Checkmarx KICS** toolchain was used to exfiltrate **GitHub tokens**, **cloud credentials**, and other secrets from developer environments, creating immediate acc...
Developer environments using KICS data exposed after Checkmarx breach
Data LeakAbout this happening: The compromised **Checkmarx KICS** toolchain was used to exfiltrate **GitHub tokens**, **cloud credentials**, and other secrets from developer environments, creating immediate acc...
Timeline
-
21.03.2026 19:30 2 articles · 2mo ago
Trivy environment credentials exfiltrated
Victim Impact UpdateCredentials were exfiltrated from Trivy's environment during an earlier March 2026 breach, and the containment effort was incomplete, leaving stolen secrets available for later abuse against Trivy release and workflow access paths.
Show sources
- Trivy vulnerability scanner breach pushed infostealer via GitHub Actions — www.bleepingcomputer.com — 21.03.2026 19:30
- Trivy vulnerability scanner breach pushed infostealer via GitHub Actions — www.bleepingcomputer.com — 21.03.2026 19:30