HeadlinesBriefing.com

Trivy Supply Chain Attack: Malicious v0.69.4 Release Compromises Security Tool

Source: Hacker News

On March 19, 2026, attackers compromised credentials for the Trivy security scanning tool and used them to publish a malicious v0.69.4 release that distributed credential-stealing malware across multiple channels. The attack targeted the aquasecurity/trivy-action and aquasecurity/setup-trivy GitHub Actions, force-pushing 76 of 77 version tags to malicious commits.

This incident follows a February 2026 supply chain breach where credential rotation was not atomic, allowing attackers to retain access during the rotation window. The malicious release affected GHCR, ECR Public, Docker Hub, deb/rpm packages, and get.trivy.dev. The malware exfiltrates secrets including SSH keys, cloud credentials, and cryptocurrency wallets to attacker-controlled infrastructure.

Users who pinned to v0.69.3 or earlier remain protected by GitHub's immutable releases feature. Trivy recommends updating to v0.69.2, v0.69.3, or v0.35.0 for GitHub Actions, rotating all potentially exposed secrets, and pinning GitHub Actions to full SHA hashes. Binary and container image verification using sigstore signatures is available to confirm installation integrity.
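The force-pushed tags are the reason the advice above is to pin Actions to a full commit SHA: a tag such as `v0.69.3` can be moved to a different commit, a 40-hex SHA cannot. As an added example (not code from the article or from the Trivy project), the Python check below scans a workflow file for `uses:` references that are not pinned to a full SHA; the sample workflow and its SHA value are constructed for illustration.

```python
import re

# Matches `- uses: owner/repo[/path]@ref` (optionally quoted) in a workflow step.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)["\']?')
# A full commit SHA is exactly 40 lowercase hex digits; anything shorter or
# symbolic (tag, branch, abbreviated SHA) can be moved or force-pushed.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def classify_ref(ref):
    """Return 'sha' for an immutable full-SHA pin, 'tag' for any mutable ref."""
    return 'sha' if FULL_SHA_RE.match(ref) else 'tag'


def find_mutable_pins(workflow_text):
    """Return (line_no, action, ref) for every remote action not pinned to a full SHA.

    Local actions (./path) and docker:// images are skipped: they are not git refs.
    A ref of None means the step gave no @ref at all.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith('./') or target.startswith('docker://'):
            continue
        if '@' not in target:
            findings.append((line_no, target, None))
            continue
        action, ref = target.rsplit('@', 1)
        if classify_ref(ref) != 'sha':
            findings.append((line_no, action, ref))
    return findings


# Constructed sample workflow; the 40-hex SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: scan
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567 # v0.69.3
      - uses: aquasecurity/trivy-action@v0.69.3
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

if __name__ == '__main__':
    for line_no, action, ref in find_mutable_pins(SAMPLE_WORKFLOW):
        print(f'line {line_no}: {action}@{ref} is not pinned to a full commit SHA')
```

Run it against each file under `.github/workflows/` in CI; the trailing `# v0.69.3` comment on a SHA-pinned line is the common convention for recording which tag the SHA was taken from.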