On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors leveraged access from a prior incident that was not fully remediated to inject credential-stealing malware into official Trivy releases....
From a pattern analysis perspective, this incident serves as an example of how nation-state actors can exploit supply-chain vulnerabilities in popular developer platforms for espionage and potential intellectual property theft. The naming of the attack "DevilsIvy" by researchers suggests that they are treating it as part of a broader ongoing campaign. The association of UNC2452 with the Russian government raises questions about the role of nation-states in such cyberattacks and the need for incr...