Trivy
Coverage of Trivy in the Nexus archive.
- Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firm Checkmarx has been targeted in multiple supply-chain attacks over 40 days, including a breach of the Trivy vulnerability scanner and a ransomware attack. Attackers compromised GitHub accounts to deliver malware to users, stealing credentials like repository tokens and SSH keys.
- Don't pay Vect a ransom - your data's likely already wiped out
The ransomware Vect, associated with recent Trivy and LiteLLM supply-chain attacks, is actually a wiper that destroys files larger than 128KB. Check Point Research warns that paying the ransom is ineffective, as data recovery is impossible for victims.
- How the Trivy supply chain attack harvested credentials from secrets managers
The article discusses a supply chain attack leveraging Trivy that compromised secrets managers by harvesting credentials. It highlights the attack's method and implications for security practices.