Advisories for Golang/Github.com/Aquasecurity/Trivy package

On March 19, 2026, threat actor TeamPCP used compromised credentials to publish a malicious Trivy v0.69.4 release containing a credential-stealing payload. The malware extracts secrets from process memory and filesystem locations including SSH keys, cloud provider credentials, Kubernetes tokens, and environment variables. Stolen data is encrypted using AES-256-CBC with RSA-4096 hybrid encryption and exfiltrated via HTTP POST to attacker infrastructure at scan.aquasecurtiy[.]org (typosquatted domain). As a fallback, stolen GitHub PATs …

If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Taking AWS as an example, …