Social-Engineering-Information-Warfare-and-the-Changing-Human-Factor

0xensec Daily Roundup — March 24, 2026

The cybersecurity landscape continued to reel this week from the ripple effects of supply chain attacks, epitomized by the widespread compromise of Aqua Security’s internal GitHub repositories via the Trivy supply chain breach. Malicious Trivy images uploaded to Docker Hub incorporated infostealer malware, exposing developers and organizations using versions 0.69.4 through 0.69.6 to credential theft and lateral compromise. The attack chain traced by security researchers showed a swift, fully automated assault on all 44 repositories of the aquasec-com GitHub organization using a hijacked service account token, likely captured through prior CI/CD compromise. The breach not only defaced critical proprietary repositories but also exposed sensitive internal tooling and credentials, amplifying concerns over persistent threats targeting the foundational layers of cloud-native security infrastructure. TeamPCP, the threat group behind these actions, demonstrated increasing sophistication and automation in its supply chain attack tactics, as highlighted by its evolving operations across Trivy, container orchestration platforms, and CI/CD pipelines [4][6][7][13][10].
