Trivy Vulnerability Scanner Compromised in Supply Chain Attack
Summary
The popular open-source vulnerability scanner Trivy was compromised to distribute malware that steals CI/CD secrets; the stolen credentials were then used to infect 47 npm packages with a self-propagating worm.
Threat Analysis
The popular open-source vulnerability scanner Trivy, maintained by Aqua Security, was compromised in a supply chain attack that delivered an infostealer targeting CI/CD secrets. The attackers force-pushed 75 of the 76 version tags in the project's GitHub Actions repositories, so any workflow that referenced one of those tags silently resolved to attacker-controlled code. This works because a git tag is a mutable pointer: a `uses:` reference pinned to a tag carries no integrity guarantee once the tag is rewritten, whereas a full commit SHA cannot be repointed.

Credentials harvested in the initial breach were used in follow-on attacks that compromised 47 npm packages with a self-propagating worm named CanisterWorm. The worm resolves its command-and-control server through an Internet Computer Protocol (ICP) canister on the Internet Computer blockchain, using the canister as a dead drop resolver; this is the first documented abuse of an ICP canister for that purpose, and it makes the C2 location harder to take down than a conventional domain or IP.

The incident underlines that a security tool in the pipeline is itself part of the supply chain and needs the same integrity controls as any other dependency. All users of Trivy should verify their installations, treat every secret exposed to a workflow run that fetched one of the rewritten tags as compromised, and rotate those credentials. Going forward, pin third-party actions to a full commit SHA rather than a tag or branch, and review workflows for any other mutable references.
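The following script is an added example, not code from the advisory or from the Trivy project, showing the check a practitioner would run after an incident like this: it walks a GitHub Actions workflow, extracts every `uses:` reference, and reports the ones pinned to a mutable tag or branch instead of a full 40-character commit SHA. The workflow text is a constructed sample; the action names in it (including `aquasecurity/trivy-action`, which the advisory does not name) and the 40-hex SHA are illustrative only. It flags mutable references regardless of which action they point at, since the tag-rewrite technique is not specific to Trivy.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow for demonstration; not taken from any real repository.
# Action names and the commit SHA below are illustrative, not real pins.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: some-org/some-action@de9b3c3a1b1f0c2e6a1d0f6c5b4a3928171615e4
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - uses: other-org/tool@main
"""

# Matches "uses: <ref>" whether or not the line starts a list item; stops at
# whitespace, quotes or a trailing "# comment".
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A full git commit SHA is exactly 40 lowercase hex characters.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')


@dataclass
class Finding:
    line: int   # 1-based line number in the workflow file
    ref: str    # the raw uses: reference
    kind: str   # 'sha', 'mutable', 'local' or 'docker'


def classify_uses(ref: str) -> str:
    """Classify a uses: reference by how it is pinned."""
    if ref.startswith('./'):
        return 'local'            # action in the same repo; pinned by the checkout itself
    if ref.startswith('docker://'):
        return 'docker'           # image pinning is a separate question (digest vs tag)
    if '@' not in ref:
        return 'mutable'          # no ref at all resolves to the default branch
    _, _, rev = ref.rpartition('@')
    # A tag or branch name can be force-pushed; only a commit SHA cannot be repointed.
    return 'sha' if SHA_RE.match(rev) else 'mutable'


def audit_workflow(text: str) -> list[Finding]:
    """Return one Finding per uses: line in the workflow, in file order."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            findings.append(Finding(n, ref, classify_uses(ref)))
    return findings


def mutable_refs(text: str) -> list[str]:
    """Only the references that would follow a rewritten tag or branch."""
    return [f.ref for f in audit_workflow(text) if f.kind == 'mutable']


def pin_reference(ref: str, sha: str) -> str:
    """Rewrite owner/repo@tag as owner/repo@<sha> with the tag kept as a comment.

    The caller must obtain `sha` from a trusted source (for example the commit the
    tag pointed at before the incident), which this helper does not do for you.
    """
    if not SHA_RE.match(sha):
        raise ValueError('expected a full 40-hex commit SHA')
    repo, _, tag = ref.rpartition('@')
    return f'{repo}@{sha}  # {tag or "default branch"}'


if __name__ == '__main__':
    for f in audit_workflow(SAMPLE_WORKFLOW):
        flag = 'MUTABLE' if f.kind == 'mutable' else f.kind
        print(f'line {f.line:3d}  {flag:8s} {f.ref}')
```

Run it over each file under `.github/workflows/` and treat every `MUTABLE` line as an action to pin. Note that pinning the `uses:` reference only covers the action's own code; it does not cover anything the action downloads at run time, and SHA pins still need a dependency-update process so they do not silently go stale.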