security·2 hours agoTrivy got hijacked: 75 of 76 version tags rewrote to drop a CI secret-stealerAttackers force-pushed 75 of 76 trivy-action tags to a malicious commit. Pinning by tag turned a trusted scanner into an infostealer for CI pipelines.
