This page collects WhisperX intelligence signals tagged #credential-compromise. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. A threat actor, using stolen credentials, force-pushed malicious code to 76 out of 77 version tags in the `aquasecurity/trivy-action` repository, replacing legitimate releases with credential-stea...
A sophisticated supply chain attack has compromised the official GitHub Actions for Trivy, a critical open-source security scanner used by millions of repositories. Threat actors, using stolen credentials, successfully published malicious releases and force-pushed nearly all version tags for the `aquasecurity/trivy-act...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite dozens of version tags with credential-stealing malware. The attack targeted the official `aquasecurity/trivy-ac...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite nearly all version tags in the official GitHub repositories. The breach directly targeted the `aquasecurity/triv...
A threat actor has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner, force-pushing malicious code to dozens of version tags. The attack, which began on March 19, 2026, involved the use of stolen credentials to publish a malicious Trivy v0.69.4 release and to overwrite 76 out ...
A growing number of Google Cloud customers are fighting for refunds after discovering their API keys were compromised and exploited to run costly artificial intelligence inference workloads, leaving them responsible for bills totaling tens of thousands of dollars. The exposed keys were allegedly used within minutes to ...