A significant supply chain attack has compromised the popular open-source vulnerability scanner Trivy, with threat actors distributing credential-stealing malware through its official release channels. The attackers, identified as TeamPCP, successfully backdoored version 0.69.4 of the scanner, publishing malicious container images and GitHub releases to unsuspecting users. Trivy is a critical tool used by developers and security teams to identify vulnerabilities, misconfigurations, and exposed secrets in containers, Kubernetes, code repositories, and cloud infrastructure. Its widespread trust and access to sensitive environments made it a high-value target for this attack, aiming to harvest authentication secrets and other critical data.
The breach was first uncovered and disclosed by security researcher Paul McCarty. Subsequent in-depth analysis by cybersecurity firms Socket and Wiz revealed the attack's sophisticated scope, affecting not just the main Trivy scanner but also its ecosystem. The threat actors compromised Trivy's GitHub build process, which allowed them to swap the legitimate `entrypoint.sh` script in GitHub Actions with a malicious version. Furthermore, they published trojanized binaries in the official Trivy v0.69.4 release. These malicious components functioned as infostealers, targeting credentials from systems where the compromised scanner or actions were executed.
The attack had a broad impact, compromising nearly all version tags within the `trivy-action` repository and related GitHub Actions like `setup-trivy`. This method ensured that any workflow automatically using these actions would pull and execute the malicious code. The attackers gained this level of access by abusing a compromised credential that had write permissions to the repository, highlighting the critical risk associated with over-privileged access tokens in CI/CD pipelines. This incident underscores the escalating threat of supply chain attacks against foundational developer tools, where a single compromise can have a cascading effect across countless downstream projects and organizations.
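One way to find workflows exposed to this kind of tag compromise, as an added example that is not part of the original article or of the Trivy project: the script lists every `uses:` reference to `trivy-action` or `setup-trivy` in a workflow file and marks whether it points at a tag or branch (mutable) or at a full 40-character commit SHA. The `aquasecurity` owner, the sample workflow, its tags and its SHA are constructed placeholders, and "pinned" only means the reference cannot be moved, not that the commit itself has been reviewed.

```python
import re

# Repositories the article names as having compromised version tags.
WATCHED_REPOS = {"trivy-action", "setup-trivy"}

# A `uses:` step reference: owner/repo[/path]@ref
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+)/([\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, action, ref, status) for each watched action reference.

    status is "pinned" for a full 40-hex commit SHA, "mutable" for tags/branches.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        m = USES_RE.match(line)
        if not m:
            continue
        owner, repo, ref = m.groups()
        if repo not in WATCHED_REPOS:
            continue
        status = "pinned" if FULL_SHA_RE.match(ref) else "mutable"
        findings.append((line_no, f"{owner}/{repo}", ref, status))
    return findings


# Constructed sample workflow; the tags and the SHA are placeholders.
SAMPLE = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0
      - name: Scan image
        uses: aquasecurity/trivy-action@master
      # - uses: aquasecurity/trivy-action@old-tag
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # pinned
"""

if __name__ == "__main__":
    for line_no, action, ref, status in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}@{ref} -> {status}")
```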
In response to this and other critical vulnerabilities, the cybersecurity community has issued urgent advisories. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to patch a maximum-severity flaw in Cisco products by a strict deadline. Simultaneously, Oracle has released an emergency fix for a critical remote code execution (RCE) vulnerability in its Identity Manager, and warnings have been issued for new RCE flaws affecting Magento stores (dubbed 'PolyShell') and Ubiquiti UniFi devices that could lead to account takeover. These concurrent threats emphasize the need for robust software supply chain security, vigilant monitoring of DevOps tools, and immediate patching of critical infrastructure.



