Trivy Vulnerability Scanner Compromised for Second Time

On Thursday, March 19, 2026, a malicious version of the Trivy vulnerability scanner (v0.69.4) was published by attackers, embedding a script designed to steal secrets. This incident marks the second compromise of the tool, though no additional technical details about the attack vector or stolen data were provided. The affected version was distributed without explicit mention of the attack origin or targeted platforms. No CVE identifiers were referenced in the report. The primary impact involves potential unauthorized access to sensitive information through the compromised release.