Trivy, a popular open-source vulnerability scanner maintained
by Aqua Security, was compromised a second time within the span of
a month to deliver malware that stole sensitive CI/CD secrets. The
latest incident impacted GitHub Actions "aquasecurity/trivy-action"
and "aquasecurity/setup-trivy," which are used to scan Docker
container images for vulnerabilities and set up GitHub Actions
workflow
Read more https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html
