This page collects WhisperX intelligence signals tagged #github-security. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A sophisticated supply chain attack has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner, with a threat actor using stolen credentials to publish malicious software releases and force-push dozens of version tags to credential-stealing malware. The attack targeted the core `aq...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project. Threat actors, using compromised credentials, successfully published malicious software releases and overwrote dozens of version tags with credential-stealing malware, directly targeting the software supply cha...
A threat actor has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner, force-pushing malicious code to dozens of version tags. The attack, which began on March 19, 2026, involved the use of stolen credentials to publish a malicious Trivy v0.69.4 release and to overwrite 76 out ...
A critical software supply chain attack has compromised the core security tools used by millions of developers. On March 19, 2026, a threat actor used stolen credentials to publish a malicious version of the popular vulnerability scanner Trivy (v0.69.4) and systematically hijacked 76 out of 77 version tags in the offic...