Socket, Wiz, and Aqua Security report that attackers compromised Trivy’s build pipeline and GitHub Actions, distributing trojanized binaries and workflows that harvested sensitive credentials across cloud and CI/CD environments.
The research shows a direct link between incomplete incident containment and a follow-on supply chain compromise, where previously exfiltrated credentials were reused to publish malicious releases and overwrite repository tags. Aqua Security confirms the product team failed to fully invalidate compromised credentials, enabling attackers to regain access.
The attack demonstrates three critical lessons: weak credential lifecycle management, lack of integrity protection on CI/CD artifacts, and excessive trust in third-party tooling. The compromised Trivy versions and GitHub Actions executed malicious code before legitimate scans, silently exfiltrating secrets including cloud credentials, SSH keys, and CI/CD tokens.
Socket and Wiz found the malware also established persistence and fallback exfiltration paths, while Aikido links the same threat actor to a worm capable of propagating through npm ecosystems. Organizations using affected versions are advised to treat environments as fully compromised.
| What’s happening | Cause | Action |
|---|---|---|
| Compromised credentials reused after incident | Aqua Security confirms earlier credential theft was not fully contained | Check for long-lived or reused credentials and verify full rotation with immediate invalidation across all environments |
| CI/CD pipeline integrity was not protected | Attackers modified GitHub Actions entrypoints and releases without detection | Validate integrity of CI/CD pipelines by checking for unauthorized changes to workflows, scripts, and release artifacts |
| Git tags and releases were mutable and abused | Threat actors force-pushed 75 tags to malicious commits | Audit repositories for forced tag updates and enforce protections like signed commits and tag immutability |
| Third-party tool trust enabled silent compromise | Malicious Trivy versions executed before legitimate scans | Identify all external dependencies and verify version integrity, including hash validation and trusted sources |
| Secrets exposed across multiple environments | Infostealer harvested cloud, SSH, CI/CD, and database credentials | Scan environments for exposed credentials in files, env vars, and configs, and enforce secret rotation policies |
| Lack of runtime monitoring in CI/CD | Malicious behavior executed inside GitHub Actions unnoticed | Monitor CI/CD runtime behavior for abnormal file access, network calls, and credential harvesting patterns |
| Weak persistence and exfiltration detection | Malware used fallback exfiltration via GitHub repos and systemd persistence | Check for unauthorized systemd services, unexpected repos, and outbound connections to suspicious domains |
This incident shows a direct breakdown in credential governance, CI/CD integrity, and third-party risk control. The result is full environment compromise—attackers gained access to cloud platforms, infrastructure, and developer systems through trusted tooling.
The business impact is severe:
Most critically, this was preventable. The failure to fully contain an initial breach created a second, more damaging attack. Without strong detection on credential use, artifact integrity, and CI/CD behavior, organizations remain blind to this class of compromise.
SkySiege’s Cloud Assessment is a custom-built, automated Cloud Platform Assessment that scans your AWS resources and infrastructure to identify security and architecture concerns. All results are compiled to a PDF report that details what the issues are, why they’re an issue, which resources are involved and how to fix them.
We provide assessments in two formats:
The AWS Password Policy dictates the security standards and management of AWS IAM User passwords used for access to the AWS Console. We extend the default policy to increase security and minimise additional processes providing the most efficient password management configuration we can design.
cspm cloud guidance
