

The Trivy Supply Chain Attack: A Wake-Up Call for Every Organization Running CI/CD Pipelines
On March 19, 2026, a threat actor group known as TeamPCP executed one of the most significant software supply chain attacks of the year - compromising Aqua Security's Trivy vulnerability scanner, an open-source tool trusted by thousands of organizations worldwide to secure their CI/CD pipelines. The irony is unmistakable: a security tool designed to find vulnerabilities became the very weapon used to steal credentials, secrets, and cryptographic keys from the pipelines it was

Rubi Arbel
Mar 24


Hulud and the Quiet Return of Install-Time Supply-Chain Attacks
The Shai-Hulud supply-chain attack was a reminder that many modern compromises don’t rely on exotic exploits — they rely on trusted dependency installs quietly making outbound network calls.
The attack involved malicious open-source packages that executed install-time scripts (postinstall, setup.py) to selectively fetch second-stage payloads, often only when running in CI environments, and then exfiltrate credentials or environment data.

Danny Nebenzahl
Feb 19

