Backdoor credentials
The Trivy compromise dates to February, when TeamPCP exploited a misconfiguration in Trivy's GitHub Actions setup, now tracked as CVE-2026-33634, to establish a foothold by way of a privileged access token, according to Aqua Security.
On discovering this, Aqua Security rotated credentials; however, because some credentials remain valid during this process, the attackers were able to steal the newly rotated credentials.
By manipulating trusted Trivy version tags, TeamPCP forced CI/CD pipelines using the tool to automatically pull down credential-stealing malware it had implanted.
This allowed TeamPCP to target a wide range of valuable information, including AWS, GCP and Azure cloud credentials, Kubernetes tokens, Docker registry credentials, database passwords, TLS private keys, SSH keys and cryptocurrency wallet data, according to security researchers at Palo Alto Networks. In effect, the attackers had turned a tool used to find cloud vulnerabilities and misconfigurations into a yawning vulnerability of its own.
CERT-EU advised organizations affected by the Trivy compromise to immediately update to a known safe version, rotate all AWS and other credentials, audit the Trivy versions used in CI/CD pipelines and, most importantly, ensure GitHub Actions are pinned to immutable SHA-1 commit hashes rather than mutable tags.
It also recommended looking for indicators of compromise (IoCs) such as unusual Cloudflare tunnelling activity or traffic spikes that might indicate data exfiltration.
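As an added illustration of the pinning audit CERT-EU recommends (this script is not from the original report, from CERT-EU or from the Trivy project), the following Python checks a GitHub Actions workflow for `uses:` references that point at a mutable tag or branch instead of a full commit SHA. The sample workflow, the 40-character SHA in it and the `some-org/some-action` name are constructed placeholders; `aquasecurity/trivy-action` is the action name assumed for illustration.

```python
import re
from typing import List, NamedTuple

# A git commit hash is 40 hex characters (SHA-1); repositories using
# SHA-256 object format produce 64. Anything else (v4, 0.28.0, main)
# is a mutable reference that an attacker controlling the repo can move.
SHA_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")
# Matches "uses: owner/repo@ref" whether or not the line starts a list item.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")


class ActionRef(NamedTuple):
    line_no: int
    action: str
    ref: str
    pinned: bool  # True only when ref is a full commit SHA


def audit_workflow(text: str) -> List[ActionRef]:
    """Return every remote action reference in a workflow file with its pin status."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        spec = match.group(1).strip("'\"")
        # Local composite actions and docker:// images are not tag-pinned
        # GitHub repos, so they fall outside this check.
        if spec.startswith(("./", "docker://")):
            continue
        action, sep, ref = spec.partition("@")
        pinned = bool(sep) and SHA_RE.match(ref) is not None
        findings.append(ActionRef(line_no, action, ref, pinned))
    return findings


def unpinned(findings: List[ActionRef]) -> List[ActionRef]:
    """Filter to the references that still rely on a mutable tag or branch."""
    return [f for f in findings if not f.pinned]


# Constructed sample workflow; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: ./.github/actions/local-helper
      - uses: some-org/some-action@main
"""


if __name__ == "__main__":
    for f in unpinned(audit_workflow(SAMPLE_WORKFLOW)):
        print(f"line {f.line_no}: {f.action}@{f.ref} is not pinned to a commit SHA")
```

Run against every file under `.github/workflows/`; each reported line is a place where a moved tag, as in the Trivy case, would silently change the code the pipeline executes. Keeping the human-readable version in a trailing comment (`@<sha>  # v0.28.0`) preserves readability without weakening the pin.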
