Post #8644

🛑 ALERT - Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer. It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs. 🔗 Attack flow, impacted versions, fixes → https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html