This page collects WhisperX intelligence signals tagged #CVE-2026-33634. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. A threat actor, using stolen credentials, force-pushed malicious code to 76 out of 77 version tags in the `aquasecurity/trivy-action` repository, replacing legitimate releases with credential-stea...
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repository to credential-...
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repos...
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy, a critical open-source security scanner used by millions of projects. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aqua...
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and force-push 76 out of 77 version tags in the `aquasecurity/trivy-action` reposit...
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repos...
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repository...
A sophisticated supply chain attack has compromised the widely used `aquasecurity/trivy-action` GitHub Action, with a threat actor using stolen credentials to force-push malware to 76 out of 77 version tags. The attack, detailed in a GitHub security advisory, began on March 19, 2026, when the actor published a maliciou...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite nearly all version tags in the official GitHub repositories. The breach directly targeted the `aquasecurity/triv...
A critical supply chain attack has compromised the official GitHub Actions for Trivy, a widely used open-source security scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repo...
A sophisticated supply chain attack has compromised the core security scanning tools of Aqua Security, directly targeting the widely used Trivy vulnerability scanner and its GitHub Actions. Threat actors, using compromised credentials, successfully published malicious releases and force-pushed nearly all version tags f...