A detailed breakdown of the March 2026 Trivy supply chain attack, which began as a GitHub Actions tag hijack and expanded into malicious Docker Hub images and a suspected Aqua service-account compromise. The attacker exploited incomplete credential rotation from a February breach to force-push malicious payloads to 75+ Trivy tags, deploying Python infostealers that harvested CI runner secrets, SSH keys, and cloud tokens. The post compares Trivy (a fast-moving credential theft campaign) to the broader Shai Hulud supply chain operation, and argues the core lesson is that incomplete remediation turns a single breach into a prolonged campaign. Teams need not just detection but blast-radius tracing, prioritized rotation, and verified remediation to prevent reuse of stolen credentials.
Table of contents

Attack Timeline
Trivy was surgical. Shai Hulud was systemic.
The real lesson is remediation, not just detection
Why this matters now
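The summary above describes the attack starting as a GitHub Actions tag hijack: a workflow that pulls an action by tag runs whatever commit that tag points to at run time, so a force-pushed tag silently swaps in the attacker's code. The mitigation a defender reaches for first is pinning every `uses:` reference to a full 40-character commit SHA. The script below is an added example, not code from the original post or from the Trivy project: it scans workflow YAML for `uses:` references and flags any that resolve through a mutable tag, branch name, or missing ref. The workflow text and the `example-org/...` action names are constructed for illustration.

```python
"""Flag GitHub Actions 'uses:' references that point at mutable refs.

Added example (not from the original post). A step that pulls an action
by tag or branch resolves to whatever commit that ref points to at run
time, so a force-pushed tag changes the code without any workflow change.
Pinning to a full 40-hex commit SHA removes that moving target.
"""
import re
from dataclasses import dataclass

# Matches "uses: owner/repo@ref" whether or not it starts a list item.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?", re.MULTILINE)
# Full-length commit SHA (40 lowercase hex characters).
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Looks like a version tag: v4, 0.28.0, 1.2
VERSION_TAG_RE = re.compile(r"^v?\d+(\.\d+)*$")


@dataclass
class Finding:
    ref: str      # the "owner/repo@ref" value exactly as written
    reason: str   # "ok", "skipped", or why it is flagged


def classify(uses_value: str) -> Finding:
    """Decide whether a single uses: value is pinned to an immutable commit."""
    # Local actions and docker:// images are resolved differently; out of scope.
    if uses_value.startswith("./") or uses_value.startswith("docker://"):
        return Finding(uses_value, "skipped")
    if "@" not in uses_value:
        return Finding(uses_value, "no ref: resolves to the default branch")
    _, ref = uses_value.rsplit("@", 1)
    if SHA_RE.match(ref):
        return Finding(uses_value, "ok")
    if VERSION_TAG_RE.match(ref):
        return Finding(uses_value, f"mutable version tag '{ref}'")
    return Finding(uses_value, f"mutable branch or tag '{ref}'")


def audit_workflow(text: str) -> list[Finding]:
    """Classify every uses: reference found in a workflow file's text."""
    return [classify(m.group(1)) for m in USES_RE.finditer(text)]


def unpinned(text: str) -> list[str]:
    """Return only the references that are not pinned to a commit SHA."""
    return [f.ref for f in audit_workflow(text) if f.reason not in ("ok", "skipped")]


# Constructed sample workflow; action names are placeholders, not real actions.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-action@v4
      - uses: example-org/scanner-action@0.28.0
      - name: pinned scanner
        uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/helper-action@main
      - uses: ./.github/actions/local
"""


def main() -> None:
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f.reason:45} {f.ref}")


if __name__ == "__main__":
    main()
```

In practice the scan runs over every file under `.github/workflows/`, and the flagged list becomes the input to a rotation and pinning pass; a SHA-pinned reference still needs periodic review, but it cannot be retargeted by moving a tag.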