Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

March 20, 2026, 9:18 p.m.

Description

A new supply chain attack targeting Trivy has compromised 75 out of 76 version tags in the aquasecurity/trivy-action GitHub repository. The attacker force-pushed these tags to serve malicious payloads, effectively turning trusted version references into a distribution mechanism for an infostealer. The malicious code executes within GitHub Actions runners, targeting sensitive data in CI/CD environments. It harvests secrets from runner process memory and the filesystem, encrypts the collected data, and exfiltrates it to an attacker-controlled endpoint or a fallback GitHub-based channel. The attack's scope is significant, potentially affecting over 10,000 workflow files on GitHub referencing this action.
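The attack described above works because workflows reference the action by version tag, and a tag can be force-pushed to point at different code. As an added example (not part of the original report), this Python check flags `uses:` lines that reference the action by tag or branch instead of a full 40-character commit SHA. The sample workflow, its tag name and its SHA are constructed placeholders, and passing `action=None` extends the audit to every third-party action.

```python
import re

# Matches "uses: owner/repo[/path]@ref", optionally quoted, optionally after "- ".
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?(?P<action>[\w.-]+/[\w.-]+)(?P<path>/[^@\s'"]*)?@(?P<ref>[^\s'"#]+)"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_mutable_refs(workflow_text, action="aquasecurity/trivy-action"):
    """Return (line_number, action, ref) for each use of `action` that is not
    pinned to a full commit SHA. Pass action=None to audit every action."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip commented-out steps
            continue
        m = USES_RE.match(line)
        if not m:  # local (./path) and docker:// references have no owner/repo@ref form
            continue
        name = m.group("action")
        if action is not None and name.lower() != action.lower():
            continue
        if not FULL_SHA_RE.match(m.group("ref").lower()):
            findings.append((n, name, m.group("ref")))
    return findings


# Constructed sample workflow (not from the report); tag and SHA are placeholders.
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan by tag (mutable)
        uses: aquasecurity/trivy-action@0.0.0-example
      - name: Scan by branch (mutable)
        uses: "aquasecurity/trivy-action@master"
      # - uses: aquasecurity/trivy-action@commented-out
      - name: Scan by commit (immutable)
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
"""

if __name__ == "__main__":
    for n, name, ref in find_mutable_refs(SAMPLE):
        print(f"line {n}: {name}@{ref} is a tag or branch, which can be force-pushed")
```

A full SHA only helps if it is a commit verified as known-good; the check reports mutability of the reference, not whether the referenced code is clean.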

Date

  • Created: March 20, 2026, 9:51 a.m.
  • Published: March 20, 2026, 9:51 a.m.
  • Modified: March 20, 2026, 9:18 p.m.

Indicators

  • 18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a
  • https://scan.aquasecurtiy.org

Attack Patterns

Additional Information

  • scan.aquasecurtiy.org