This page collects WhisperX intelligence signals tagged #supply-chain-attack. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. A threat actor, using stolen credentials, force-pushed malicious code to 76 out of 77 version tags in the `aquasecurity/trivy-action` repository, replacing legitimate releases with credential-stea...
A sophisticated supply chain attack has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner, with a threat actor using stolen credentials to publish malicious software releases and force-push dozens of version tags to credential-stealing malware. The attack targeted the core `aq...
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repository to credential-...
A threat actor has executed a sophisticated supply chain attack against Aqua Security's critical open-source security tools. Using compromised credentials, the attacker published a malicious version of the Trivy vulnerability scanner (v0.69.4) and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-a...
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repos...
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy, a critical open-source security scanner used by millions of projects. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aqua...
A critical supply chain attack has compromised the official GitHub Actions for Trivy, a widely used open-source security scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious version of Trivy (v0.69.4) and executed a sweeping hijack of the project's version history. The attacker forc...
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and force-push 76 out of 77 version tags in the `aquasecurity/trivy-action` reposit...
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repos...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security, a major player in the container and vulnerability scanning space. Threat actors used compromised credentials to publish malicious releases of the Trivy scanner and force-push nearly all version tags in its associated GitHub re...
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repository...
A sophisticated supply chain attack has compromised the official GitHub Actions for Trivy, a critical open-source security scanner used by millions of repositories. Threat actors, using stolen credentials, successfully published malicious releases and force-pushed nearly all version tags for the `aquasecurity/trivy-act...
A critical supply chain attack has compromised the widely-used `axios` HTTP client library. On March 31, 2026, the npm accounts of the axios lead maintainer were hijacked, leading to the publication of two malicious package versions: `[email protected]` and `[email protected]`. These tainted releases contained a hidden dependenc...
A sophisticated supply chain attack has compromised the widely used `aquasecurity/trivy-action` GitHub Action, with a threat actor using stolen credentials to force-push malware to 76 out of 77 version tags. The attack, detailed in a GitHub security advisory, began on March 19, 2026, when the actor published a maliciou...
A critical open-source supply chain has been compromised, with a hacker successfully inserting malware into Axios, a foundational web tool downloaded tens of millions of times each week. This is not a minor vulnerability but a direct hijacking of a core project, turning a trusted piece of infrastructure into a vector f...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, injecting credential-stealing malware into official GitHub Actions and DockerHub images. The attack, executed by a threat actor using compromised credentials, directly targeted the integrity of the Trivy vulner...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite dozens of version tags with credential-stealing malware. The attack targeted the official `aquasecurity/trivy-ac...
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and overwrite nearly all version tags in the official GitHub repositories. The breach directly targeted the `aquasecurity/triv...
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy, a critical open-source security scanner used by millions of repositories. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `...
A critical supply chain attack has compromised the official GitHub Actions for Trivy, a widely used open-source security scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious Trivy v0.69.4 release and force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repositor...