trivy compromised

img of The Second Fall of Trivy: How TeamPCP Poisoned the CI/CD Supply Chain

Mar 20, 2026 7 min read

The Second Fall of Trivy: How TeamPCP Poisoned the CI/CD Supply Chain By William OGOU

Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.

Your Privacy Matters