Trivy, Aqua Security's open-source vulnerability scanner, was compromised on March 19, 2026. Version 0.69.4 contained malicious code capable of stealing credentials from GitHub Secrets, and the trivy-action and trivy-setup GitHub Actions were also affected. The Apache Software Foundation (ASF) reports that a small number of ASF
Sort: