
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets
Trivy, GitHub Actions, CI/CD, security incident, vulnerability scanner, credentials exposure, supply chain attack, secrets compromise
A recent security incident involves a compromise of GitHub Actions tags associated with Trivy, a popular vulnerability scanner. Attackers exploited this to expose CI/CD secrets and credentials. The issue affects workflows using specific Trivy-related GitHub Actions tags. The linked report details the scope and impact of the compromise.
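
To see which workflows reference Trivy-related actions by tag, a check like the following can be run over each workflow file; it is an added example, not taken from the linked report. Matching on the substring `trivy`, the `example-org` action names and the sample workflow are constructed assumptions; the affected tags are not listed here, so the output is meant to be compared against the report. A full 40-character commit SHA is a fixed reference, while a tag or branch name resolves to whatever it currently points at.

```python
import re

# Matches a workflow step such as `uses: owner/repo/path@ref` (quotes optional).
# Commented-out lines do not match because `#` precedes `uses:`.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^@\s'"#]+)@([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_trivy_action_refs(workflow_text, needle="trivy"):
    """Return (line_no, action, ref, kind) for every `uses:` entry whose action
    name contains `needle` (assumption: Trivy-related actions have "trivy" in
    their name). kind is "commit-sha" or "tag-or-branch"."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if needle not in action.lower():
            continue
        kind = "commit-sha" if FULL_SHA_RE.match(ref) else "tag-or-branch"
        findings.append((line_no, action, ref, kind))
    return findings


# Constructed sample workflow; the action names and refs are placeholders.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan image
        uses: example-org/trivy-scan-action@v1.2.3
      - uses: "example-org/setup-trivy@0123456789abcdef0123456789abcdef01234567"
      # - uses: example-org/trivy-scan-action@main
"""

if __name__ == "__main__":
    for line_no, action, ref, kind in find_trivy_action_refs(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref} [{kind}]")
```

Entries reported as `tag-or-branch` are the ones to check against the tags named in the report, along with the secrets available to the jobs that ran them.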