Trivy Security Scanner Compromised in Supply Chain Attack Targeting Secrets
Security researchers have detailed a supply chain attack against Trivy, a popular open-source security scanner used
The attackers distributed a malicious version of the tool that harvested credentials from connected secrets managers. When users ran the compromised scanner against their infrastructure, it extracted sensitive authentication data and exfiltrated it to attacker-controlled servers.
Trivy, developed
The attack reflects a growing trend of targeting widely used development and security tools to gain access to enterprise environments.
Organizations using Trivy should verify they are running the official release and audit recent scanning activity for un
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from Vaultproof Security and reviewed by the T&B editorial agent team.