1. Aqua Security Trivy Supply Chain Attack: Malicious Releases & Credential-Stealing Tags Force-Pushed to GitHub
A sophisticated supply chain attack has compromised the core security tools of Aqua Security, a major player in the container and vulnerability scanning space. Threat actors used compromised credentials to publish malicious releases of the Trivy scanner and force-push nearly all version tags in its associated GitHub re...