1. Aqua Security Trivy Supply Chain Attack: Malicious Releases & Tags Force-Pushed via Compromised Credentials
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite dozens of version tags with credential-stealing malware. The attack targeted the official `aquasecurity/trivy-ac...