March 22, 2026
Who scans the scanner?
Supply Chain Attack on Trivy
Security scanner turned secret thief—devs panic, memes erupt
TLDR: Hackers slipped malware into Trivy, a popular security tool, and briefly pushed booby-trapped updates and images while researchers say a linked worm hit the JavaScript ecosystem. Commenters are split between “stop trusting automated scripts—self-host everything” and “you can’t rebuild the internet,” with memes asking, “Who watches the watchers?”
The internet’s hottest subplot right now: the tool that’s supposed to keep you safe got caught stealing. Aqua Security’s Trivy, a popular vulnerability scanner, was hijacked by a group calling itself TeamPCP. Malicious updates spread through releases, GitHub automations (those scripts people use to build and test code), and even Docker images—then reportedly spilled into the JavaScript world via a worm. Cue the chaos: one user’s simple take—avoid community-made automations—became a war cry, while others groaned that “pin everything and pray” isn’t a strategy, it’s a wish.
Community mood? Half panic, half popcorn. The drama escalated as attackers allegedly kept slipping back in, publishing internal repos and bad Trivy versions, while Aqua and researchers scrambled to yank malware and post advisories. The big fight: convenience vs. control. The “self-host your build machines and never trust random scripts” camp is loud; the “nobody can DIY the entire internet” camp claps back. Meanwhile, jokesters are everywhere: “Who scans the scanner?” memes, and “kamikaze.sh” punchlines write themselves. Others are pleading for basics—lock down tokens, verify code by exact IDs, and stop living on blind trust.
It’s a messy reminder that software supply chains—the way tools and code move from creators to users—are only as strong as their least-boring security habit, and no one’s laughing now, except to cope.
Key Points
- On Mar 19, 2026, Aqua Security’s Trivy and related GitHub Actions were compromised, inserting credential-stealing malware into official releases and CI/CD actions.
- Attackers (TeamPCP) retained access from a prior incident, spoofed commits (incl. to actions/checkout), pushed Trivy v0.69.4, and used a typosquatted domain to fetch malware.
- The aqua-bot account was compromised; malicious workflows were pushed to tfsec, traceeshark, and trivy-action, exfiltrating secrets via a Cloudflare Tunnel C2.
- Malware in the Actions scraped runner memory and files for secrets, encrypted them with AES-256+RSA-4096, exfiltrated data, and created a tpcp-docs repo as fallback.
- By Mar 22, attackers expanded to npm via “CanisterWorm,” served an evolving payload (kamikaze.sh) from an ICP canister, published malicious Trivy images (0.69.5, 0.69.6) to Docker Hub, and exposed internal Aqua repos; the ICP canister was later disabled.
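The “pin everything” and “verify code by exact IDs” advice above boils down to one mechanical check: every `uses:` line in a workflow should reference a full commit SHA (or an image digest), not a mutable tag or branch that a compromised maintainer account can repoint. The script below is an added example, not code from the page, from Aqua, or from Trivy; it scans workflow text for `uses:` references, classifies each one, and flags the mutable ones plus a missing top-level `permissions:` block (the token-scoping the commenters ask for). The sample workflow and the tag-versus-branch heuristic (a ref that starts with a digit or `v` + digit is treated as a tag) are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow for the example; not taken from any real repository.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")                      # full git commit id
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")  # value after 'uses:'
PERMS_RE = re.compile(r"^permissions:", re.MULTILINE)        # workflow-level token scope

# Kinds that do not pin to immutable content and therefore inherit upstream compromise.
MUTABLE_KINDS = {"tag", "branch", "unversioned", "docker-tag"}


@dataclass
class Finding:
    line: int   # 1-based line in the workflow text
    ref: str    # the raw 'uses:' value
    kind: str   # sha | tag | branch | unversioned | local | docker-digest | docker-tag


def classify(uses: str) -> str:
    """Classify a 'uses:' value by how strongly it pins the referenced code."""
    if uses.startswith("./"):
        return "local"                      # lives in this repo; covered by its own review
    if uses.startswith("docker://"):
        return "docker-digest" if "@sha256:" in uses else "docker-tag"
    if "@" not in uses:
        return "unversioned"                # no ref at all: resolves to default branch
    _, ref = uses.rsplit("@", 1)
    if SHA_RE.match(ref):
        return "sha"
    # Heuristic assumed for this example: vN / N.N.N look like tags, anything else a branch.
    if re.match(r"^v?\d", ref):
        return "tag"
    return "branch"


def audit_uses(text: str) -> list[Finding]:
    """Return one Finding per 'uses:' line, in file order."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            findings.append(Finding(n, m.group(1), classify(m.group(1))))
    return findings


def unpinned(text: str) -> list[Finding]:
    """Only the references that a repointed tag/branch or re-pushed image would silently change."""
    return [f for f in audit_uses(text) if f.kind in MUTABLE_KINDS]


def has_workflow_permissions(text: str) -> bool:
    """True if the workflow declares a top-level 'permissions:' block (least-privilege token)."""
    return PERMS_RE.search(text) is not None


if __name__ == "__main__":
    for f in unpinned(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.ref} is {f.kind}; pin to a commit SHA or image digest")
    if not has_workflow_permissions(SAMPLE_WORKFLOW):
        print("no top-level 'permissions:' block; GITHUB_TOKEN gets the repository default scope")
```

On the constructed sample this reports three mutable references (the `v4` tag, the `master` branch and the `alpine:3.19` image tag) and the missing `permissions:` block, while the SHA-pinned `setup-go` step and the local action pass. Pinning to a SHA does not by itself stop a compromised upstream from shipping a bad commit, but it means the bad commit cannot reach you by someone moving a tag you already trust; you only pick it up when you deliberately bump the SHA.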