# European Commission breached in supply chain attack on security tool Trivy

_Saturday, April 4, 2026 at 6:42 PM EDT · Cybersecurity, Policy · Latest · Tier 1 — Major_

![European Commission breached in supply chain attack on security tool Trivy — Primary](https://cdn0.tnwcdn.com/wp-content/blogs.dir/1/files/2026/04/european-commission-breach-trivy-supply-chain.png)

Hackers compromised the European Commission by poisoning Trivy, an open-source security scanning tool used by the institution to protect its systems, according to CERT-EU attribution. The supply chain attack represents a sophisticated compromise of a tool explicitly deployed for defensive purposes, demonstrating the expanding threat surface of security software itself. The breach adds to mounting concerns about the integrity of open-source security tools that underpin critical government infrastructure worldwide. European officials have not disclosed the extent of data accessed or systems compromised in the incident. The attack follows a pattern of advanced persistent threats targeting governmental bodies through trusted software dependencies, raising urgent questions about verification mechanisms for security tool updates.

## Sources

- [The Next Web](https://thenextweb.com/news/european-commission-breach-trivy-supply-chain)

---
Canonical: https://techandbusiness.org/newswire/CBhrSCT4p95IofwWPgI0G7
Retrieved: 2026-04-22T03:23:26.900Z
Publisher: Tech & Business (techandbusiness.org)