Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages
“We have removed all malicious artifacts from the affected registries and channels,” Trivy maintainer Itay Shakury posted today, noting that all the latest Trivy releases “now point to a safe version.” But “On March 19, we observed that a threat actor used a compromised credential…”

And … ⌘ Read more