
©2026 Poal.co


Archive: https://archive.today/nEpq7

From the post:

>On March 19, we observed that a threat actor used a compromised credential to publish malicious trivy (v0.69.4), trivy-action, and setup-trivy releases. This was a follow-up from the recent incident (2026-03-01) which exfiltrated credentials. Our containment of the first incident was incomplete. We rotated secrets and tokens, but the process wasn't atomic and attackers may have been privy to refreshed tokens. We are now taking a more restrictive approach and locking down all automated actions and any token in order to thoroughly eliminate the problem.
