top of page

Home
Products
Solutions
Industries
About
Resources
Contact

All Posts
Blog
White Papers
Videos
Podcasts
News

Infographic illustrating the Trivy supply chain attack of March 2026, showing a CI/CD pipeline where the vulnerability scanning stage is compromised by TeamPCP threat actors, with 76 poisoned GitHub Action tags leading to credential theft and cascading compromise, contrasted with a Resilience Cyber Security shield representing evidence-based software supply chain protection

Infographic illustrating the Trivy supply chain attack of March 2026, showing a CI/CD pipeline where the vulnerability scanning stage is compromised by TeamPCP threat actors, with 76 poisoned GitHub Action tags leading to credential theft and cascading compromise, contrasted with a Resilience Cyber Security shield representing evidence-based software supply chain protection

The Trivy Supply Chain Attack: A Wake-Up Call for Every Organization Running CI/CD Pipelines

On March 19, 2026, a threat actor group known as TeamPCP executed one of the most significant software supply chain attacks of the year - compromising Aqua Security's Trivy vulnerability scanner, an open-source tool trusted by thousands of organizations worldwide to secure their CI/CD pipelines. The irony is unmistakable: a security tool designed to find vulnerabilities became the very weapon used to steal credentials, secrets, and cryptographic keys from the pipelines it was

Rubi Arbel

1 day ago

Resilience Cyber Security

Resilience Cyber Security

Resilience Cyber Security transforms complex SDLC and AI security requirements into automated, enforceable programs.

Follow Us

Contact

info@resilience-sec.com

35 Hamasger St. Tel Aviv, Israel

Navigation

Subscribe to our newsletter

Email*

Yes, subscribe me to your newsletter.

Terms & Conditions

Accessibility Statement

Website by ABG Creative Studio

Home
Products
Solutions
Industries
About
Resources
Contact

bottom of page