33 comments

[ 2.9 ms ] story [ 60.0 ms ] thread
> On March 22, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.5 and v0.69.6 DockerHub images. (https://github.com/aquasecurity/trivy/security/advisories/GH...)

So the first incident was on March 19th and the second incident is March 22nd —- evidently the attackers maintained persistence through maybe two separate credential rotation efforts.

Friendly reminder that just because someone is building security software it doesn't mean they are competent and won't cause more harm than good.

Every month the security team wants me to give full code or cloud access to some new scanner they want to trial. They love the fancy dashboards and lengthy reports but if I allowed just 10% of what they wanted we would be pwned on the regular...

From having worked at and consulted with security software producing companies as well as security software consuming ones, I would say the security companies are worse than average at security.

And their security teams more cynical.

Sometimes they deliberately hire lower aptitude candidates to run internal security to prevent them from getting distracted by the product.

In other cases they are getting high on their own supply, more or less.

Jack Welch style management seems to take a deeper toll in this sector.

/s But I thought npm was the issue, and all of this couldn't happen anywhere else?!
Wasn't this discovered already last week, on Friday, that the threat actor had replaced the legit images with malware images? And republished 75 out of 76 tags?
I always run such tools inside sandboxes to limit the blast radius.
You're supposed to scan for vulnerabilities, not become one!
a security scanner that cant secure its own credentials. at this point the irony writes itself
How the heck are credential compromises still a thing with 2FA and refresh tokens???
second breach in a month from the same initial credential compromise. the first rotation didn't fully revoke access. the attacker walked right back in. no persistence needed.
My initial thought is that if this isn't a new compromise, Trivy must not have rotated the old credentials. They claim, however,

> We rotated secrets and tokens, but the process wasn't atomic and attackers may have been privy to refreshed tokens

… does anyone know what exactly they're talking about, here? To my knowledge, GH does not divulge new tokens after they're issued, but it depends on the exact auth type we're talking about, and GH has an absurd number of different types of tokens/keys one can use.

Well, not my best 2 weeks at work, now I have to fill out a dozen forms and sit trough a shitload of meeting, just because they got pwned (twice, or once, but really badly :D )
(comment deleted)
"GitHub's own security guidance recommends pinning actions to full commit SHAs as the only truly immutable way to consume an action"

Why doesn't GitHub just enforce immutable versioning for actions? If you don't want immutable releases, you don't get to publish an Action. They could decide to enforce this and mitigate this class of issue.

I think that GitHub should set up Actions so that whenever you run a Github Actions step, it checks to see if either you have pinned it to a SHA or if the repository has immutable tags configured. If not, put a giant warning at the top of every pipeline run so that people are aware of the issue.
People have been warning about giant security holes in GitHub Actions dependency but MS did nothing.
> This allowed the threat actor to perform authenticated operations, including force-updating tags

Hey look, infrastructure underpinning the security of thousands of products, being compromised in a way a simple setting could have prevented (Do not allow overriding tags is an old GH setting). Yet another reason we need a Software Building Code. I wonder how many more of these reasons we'll find in 2026.

This is a good wake-up call (or reminder) that many “supply chain security” products are no more secure or responsibly engineered than the stacks they’re intended to protect. This is a characteristic of security software in general, but the rise of these kinds of “run us everywhere” tools/products invite new and exciting ways for an attacker to compromise large numbers of users in a single campaign.
So by wanting to improve the security of my application, I ended up lowering the security of my application? Nice.
This post is from March 20 and update on 22! Not today!!!

Please don’t scare people like this!

This has always been my big "WTH?" whenever I see people using github actions. "You're literally taking someone else's script and ruining it against your codebase"