Techly NewsGet the app

Get the latest tech news

How the Trivy supply chain attack harvested credentials from secrets managers


Trivy v0.69.4 silently harvested credentials from thousands of CI/CD pipelines. The secrets managers didn't help. Here's why — and what does.

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Trivy

Trivy

Photo of secrets managers

secrets managers

Related news:

News photo

Cisco source code stolen in Trivy-linked dev environment breach

News photo

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

News photo

1K+ cloud environments infected following Trivy supply chain attack

« OpenAI introduces ChatGPT Pro $100 tier with 5X usage limits for Codex compared to Plus
Will I ever own a zettaflop? »