While investigating a spike in script execution detections across several CrowdStrike Falcon® platform customers, CrowdStrike’s Engineering team traced the activity to a compromised GitHub Action named aquasecurity/trivy-action. This popular open-source vulnerability scanner is frequently used in CI/CD pipelines. Our investigation found that 76 of the scanner’s 77 release tags had been retroactive...
From Scanner to Stealer: Inside the trivy | Huntaegis