Trivy

[un]prompted 2026 – Breaking The Lethal Trifecta (Without Ruining Your Agents)

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

AndyC 24 April 2026

The command line interface (CLI) of the popular Bitwarden open source password manager is the latest target the ongoing Checkmarx...

[un]prompted 2026 – Detecting GenAI Threats at Scale With YARA-Like Semantic Rules

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

AndyC 16 April 2026

The post GitHub Actions Supply Chain Attack: Trivy Breach & Workflow appeared first on Grip Security Blog. Since the end...

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

AndyC 28 March 2026

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python...

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

AndyC 28 March 2026

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 27, 2026 The U.S....

Malicious LiteLLM versions linked to TeamPCP supply chain attack

AndyC 26 March 2026

Malicious LiteLLM versions linked to TeamPCP supply chain attack Pierluigi Paganini March 25, 2026 TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

AndyC 25 March 2026

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named...

Claude Code and Cowork can now use your computer

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

AndyC 25 March 2026

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond On March 19, 2026, a threat actor known...

44 Aqua Security repositories defaced after Trivy supply chain breach

AndyC 24 March 2026

44 Aqua Security repositories defaced after Trivy supply chain breach Pierluigi Paganini March 23, 2026 Malicious Trivy images on Docker...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

AndyC 24 March 2026

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm...

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

AndyC 21 March 2026

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a...

Trivy

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

Malicious LiteLLM versions linked to TeamPCP supply chain attack

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

44 Aqua Security repositories defaced after Trivy supply chain breach

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

The calm before the ransom: What you see is not all there is

The calm before the ransom: What you see is not all there is

GopherWhisper: A burrow full of malware

GopherWhisper: A burrow full of malware

New NGate variant hides in a trojanized NFC payment app

New NGate variant hides in a trojanized NFC payment app

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed