In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned 75 of 76 version tags in the process. Any pipeline that pulled trivy:latest or one of the affected tagged binaries during the active exploitation window ran attacker-controlled code and potentially exfiltrated secrets to an external server.

The post Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure appeared first on Security Boulevard.

Andy Suderman

Source: Security Boulevard
Source Link: https://securityboulevard.com/2026/04/supply-chain-attacks-are-getting-worse-how-to-shrink-your-exposure/