The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Related:Salesforce Data Thefts ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results