trivy

Your Security Scanner Was the Weapon: How the Trivy Supply Chain Attack Worked

John Z Black Mar 31, 2026

Threat Intelligence #trivy #supply-chain #github-actions #cicd #aqua-security #devsecops #secrets #sha-pinning #software-supply-chain

The Trivy Domino: How One Poisoned Security Tool Spread to a Thousand Cloud Environments

John Z Black Mar 25, 2026

Threat Intelligence #supply-chain #trivy #litellm #kubernetes #teampcp #cloud-security #ci-cd

A poisoned Trivy Docker image grew into one of the year's worst CI/CD compromises. Thousands of pipelines ran the payload, LiteLLM got backdoored on PyPI, and the attackers built a three-part kit designed to hit Kubernetes clusters and stay.

CanisterWorm: How TeamPCP Hijacked Your Security Scanners and Built an Untakeable Botnet

John Z Black Mar 24, 2026

Threat Intelligence #supply-chain #teampcp #canisterworm #kubernetes #ci/cd #npm #trivy #kics #wiper

TeamPCP compromised Trivy and KICS CI/CD scanner tags, spread CanisterWorm to 47 npm packages, and deployed a Kubernetes wiper targeting Iranian timezones -- all controlled via blockchain C2 that can't be taken down.

The Toolchain Turned Hostile: Trivy and Langflow Show Security Pipeline Fragility

John Z Black Mar 21, 2026

Vulnerabilities & Patching #supply-chain #trivy #langflow #ci-cd #github-actions #ai-security #devsecops #gsocket

A compromised Trivy vulnerability scanner and an AI pipeline builder exploited within 20 hours of disclosure reveal a deepening problem: the tools developers trust for security are becoming high-value attack targets.

Trivy Incident Reality Check: Your Security Tool Can Become Your Attack Path

John Z Black Mar 21, 2026

Security Operations & Resilience #trivy #github-actions #supply-chain-security #ci/cd #secrets-management

The Trivy incident is a blunt reminder that CI security tools need the same zero-trust controls as production systems.