Trivy Vulnerability Scanner Compromised in Supply-Chain Attack by TeamPCP

Threat actors known as TeamPCP compromised the Trivy vulnerability scanner through a sophisticated supply-chain attack targeting infrastructure security. The group distributed credential-stealing malware via official GitHub releases and compromised workflows used by development teams. Security researchers identified the backdoor in version 0.69.4, alerting the community to the risk.