Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

The Hacker News, Mar 20, 2026

Why It Matters

The breach demonstrates how mutable Git tags can turn trusted CI/CD tools into credential‑stealing vectors, exposing critical developer secrets across countless pipelines.

Key Takeaways

  • 75 of 76 Trivy Action tags replaced with malicious code
  • Payload harvests environment variables, cloud keys, crypto wallets
  • Attack leveraged compromised GitHub token from prior hackerbot‑claw incident
  • Tag poisoning bypasses standard release checks, enabling silent distribution
  • Pinning actions to SHA hashes mitigates similar supply‑chain attacks

Pulse Analysis

The open‑source vulnerability scanner Trivy, maintained by Aqua Security, has become the latest victim of a supply‑chain intrusion that underscores the fragility of CI/CD ecosystems. Within a month of a bot‑driven breach that stole a personal access token, attackers force‑pushed 75 of the 76 version tags in the official aquasecurity/trivy‑action repository, replacing them with a Python‑based infostealer. By hijacking tags rather than creating new releases, the adversary avoided the usual review pipelines, delivering malicious code to any workflow that referenced the compromised version. This technique demonstrates how credential compromise can be weaponized to rewrite Git history and silently propagate malware across thousands of pipelines.

The embedded payload runs on GitHub Actions runners, scanning memory and the file system for environment variables, SSH keys, cloud provider credentials, Kubernetes tokens, and even cryptocurrency wallet seeds. Collected data is encrypted and posted to a command‑and‑control domain, with a fallback mechanism that uses the compromised GITHUB_PAT to push the stolen payload into a public repository named tpcp‑docs if exfiltration fails. Such a multi‑stage approach gives threat actors persistent access to the most sensitive assets in modern development workflows, turning trusted automation tools into data‑exfiltration vectors.

For organizations, the incident reinforces the need to treat tags as mutable references and to adopt immutable identifiers such as full commit SHA hashes when referencing third‑party actions. Immediate mitigation steps include rotating all CI/CD secrets, revoking and re‑issuing compromised tokens, and blocking the attacker’s exfiltration domain and IP address. Longer‑term strategies should focus on zero‑trust token management, automated monitoring for tag replacements, and supply‑chain hardening through reproducible builds and signed releases. As open‑source components continue to power critical pipelines, rigorous provenance verification becomes a non‑negotiable security control.
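The two defensive controls the analysis recommends, SHA pinning and monitoring for moved tags, are both mechanical checks. The script below is an added example written for this page, not code from Aqua Security, Trivy, or the article: it flags `uses:` references in a GitHub Actions workflow that are not pinned to a full 40‑hex commit SHA, and it diffs two snapshots of `git ls-remote --tags` output to report tags whose commit changed (the signature of a force‑pushed tag). The workflow text, the snapshot contents, and every SHA in it are constructed sample data; the `0.28.0` and `0.29.0` tag names are placeholders, not a statement about which Trivy Action tags were affected.

```python
"""Defensive checks for mutable GitHub Actions references (added example).

1. find_unpinned_uses(): flag `uses:` lines that reference a tag, branch,
   short SHA, or no ref at all instead of a full 40-hex commit SHA.
2. detect_moved_tags(): compare two `git ls-remote --tags` snapshots and
   report tags that now point at a different commit.

All sample inputs below are constructed for the demonstration.
"""
import re
from typing import Dict, List, Tuple

# Matches "uses: owner/repo@ref", with or without a leading "- " and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_uses(workflow_text: str) -> List[Tuple[str, str]]:
    """Return (action, ref) pairs whose ref is not a full commit SHA.

    Local actions ("./path") and "docker://" images are outside the scope of
    this check and are skipped. A missing ref is reported as "" because it
    resolves to the default branch, which is just as mutable as a tag.
    """
    findings = []
    for line in workflow_text.splitlines():
        match = USES_RE.match(line)
        if not match:
            continue
        spec = match.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, sep, ref = spec.rpartition("@")
        if not sep:                      # no "@": default branch
            action, ref = spec, ""
        if not FULL_SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


def parse_ls_remote(output: str) -> Dict[str, str]:
    """Map tag name -> commit SHA from `git ls-remote --tags` output.

    Annotated tags appear twice: once as the tag object and once peeled
    ("name^{}") to the commit. The peeled line comes second, so it wins.
    """
    tags: Dict[str, str] = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split(None, 1)
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            name = name[:-3]
        tags[name] = sha
    return tags


def detect_moved_tags(baseline: str, current: str) -> Dict[str, list]:
    """Diff two snapshots; 'moved' tags are the ones that warrant an alert."""
    before, after = parse_ls_remote(baseline), parse_ls_remote(current)
    moved = sorted((t, before[t], after[t])
                   for t in before if t in after and before[t] != after[t])
    added = sorted(t for t in after if t not in before)
    removed = sorted(t for t in before if t not in after)
    return {"moved": moved, "added": added, "removed": removed}


# --- constructed sample inputs -------------------------------------------
SHA_A, SHA_B, SHA_C, SHA_D, SHA_E = ("a" * 40, "b" * 40, "c" * 40, "d" * 40, "e" * 40)

SAMPLE_WORKFLOW = """
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
      - uses: ./.github/actions/local-step
      - uses: some-org/some-action@main
      - uses: some-org/other-action
      - uses: docker://alpine:3.19
"""

BASELINE_LS_REMOTE = "\n".join([
    SHA_A + "\trefs/tags/0.28.0",
    SHA_B + "\trefs/tags/v1",
    SHA_C + "\trefs/tags/v1^{}",
])
CURRENT_LS_REMOTE = "\n".join([
    SHA_D + "\trefs/tags/0.28.0",      # same tag name, different commit
    SHA_B + "\trefs/tags/v1",
    SHA_C + "\trefs/tags/v1^{}",
    SHA_E + "\trefs/tags/0.29.0",      # a genuinely new tag
])

if __name__ == "__main__":
    for action, ref in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"unpinned: {action}@{ref or '<default branch>'}")
    for tag, old, new in detect_moved_tags(BASELINE_LS_REMOTE, CURRENT_LS_REMOTE)["moved"]:
        print(f"ALERT tag moved: {tag} {old[:8]} -> {new[:8]}")
```

In practice the baseline snapshot is taken when a tag is first vetted and stored alongside the pinned SHA; a scheduled job re-runs `git ls-remote --tags` against each third-party action and raises an alert on any `moved` entry, since a legitimate release adds tags rather than rewriting existing ones.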
