{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/trivy/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["supply-chain","credential-theft","llm","trivy"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 24, 2026, reports surfaced indicating that the LiteLLM package, a library designed to provide a unified interface for interacting with various large language models, was compromised and injected with malicious code. This compromise occurred through a vulnerability in Trivy, a widely-used open-source vulnerability scanner. The malicious code was designed to steal credentials, potentially including API keys and other sensitive information used to access and manage language models. The scope of the compromise is currently unknown, but given the popularity of both LiteLLM and Trivy, the potential impact could be significant across various sectors using LLMs. 
This incident highlights the risks associated with supply chain vulnerabilities and the importance of thorough security audits of third-party dependencies.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA vulnerability is exploited within Trivy, potentially during its build or update process.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages this vulnerability to inject malicious code into the LiteLLM package during its build or release process.\u003c/li\u003e\n\u003cli\u003eUsers download and install the compromised LiteLLM package from the official repository (e.g., PyPI).\u003c/li\u003e\n\u003cli\u003eUpon execution of the infected LiteLLM package, the malicious code is triggered.\u003c/li\u003e\n\u003cli\u003eThe malicious code collects credentials, such as API keys, environment variables, or configuration files, from the user\u0026rsquo;s system or environment.\u003c/li\u003e\n\u003cli\u003eThe stolen credentials are exfiltrated to a remote server controlled by the attacker using network protocols like HTTP/S.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen credentials to access and control the victim\u0026rsquo;s accounts, resources, and data related to language model services.\u003c/li\u003e\n\u003cli\u003eThe attacker may further exploit the compromised systems for lateral movement, data exfiltration, or other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful compromise of the LiteLLM package can lead to significant damage, including unauthorized access to language model APIs, data breaches, and financial losses. The number of affected users and organizations is currently unknown. Sectors relying heavily on LLMs, such as AI development, research, and various industries integrating AI-powered applications, are particularly vulnerable. 
If successful, the attack can result in the exposure of sensitive data, disruption of services, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement integrity checks on all downloaded packages to verify their authenticity and prevent the installation of compromised versions (reference: Overview).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious outbound connections originating from processes associated with the LiteLLM package, looking for connections to unknown or malicious IPs (reference: Attack Chain, step 6).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided below to detect potential credential theft and exfiltration attempts (reference: rules).\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and least privilege principles to limit the impact of compromised credentials (reference: Impact).\u003c/li\u003e\n\u003cli\u003eConduct regular security audits of all third-party dependencies and use software composition analysis tools to identify and remediate vulnerabilities (reference: Overview).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-25T12:00:00Z","date_published":"2026-03-25T12:00:00Z","id":"/briefs/2026-03-litellm-credential-theft/","summary":"The LiteLLM package was compromised and infected with credential-stealing code through a supply chain attack leveraging the Trivy vulnerability scanner.","title":"LiteLLM Package Compromised with Credential-Stealing Code via Trivy","url":"https://feed.craftedsignal.io/briefs/2026-03-litellm-credential-theft/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["supply-chain","vulnerability-scanner","trivy"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 21, 2026, reports emerged indicating that the Trivy scanner, a popular open-source vulnerability scanner used extensively in 
software development and deployment pipelines, has been compromised in a supply chain attack. The specifics of the initial compromise vector remain under investigation, but the impact could be widespread due to Trivy\u0026rsquo;s integration into numerous CI/CD systems and container registries. Organizations utilizing affected versions of Trivy risk deploying vulnerable or malicious containers and software builds, creating a significant security risk. The attackers\u0026rsquo; goals are currently unknown, but possibilities include injecting malware, stealing credentials, or gaining persistent access to compromised systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the Trivy project\u0026rsquo;s build or distribution infrastructure (potentially via compromised credentials or a software vulnerability in the build process).\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into a release of the Trivy scanner. 
This could involve modifying existing binaries or libraries, or adding new malicious components.\u003c/li\u003e\n\u003cli\u003eThe compromised Trivy release is distributed to users through official channels, such as package managers or container registries.\u003c/li\u003e\n\u003cli\u003eDevelopers and system administrators download and install the compromised Trivy scanner as part of their regular vulnerability scanning process.\u003c/li\u003e\n\u003cli\u003eThe malicious code within Trivy executes during scans, potentially allowing the attacker to gain initial access to the target system.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised Trivy scanner to establish a reverse shell connection to a command and control (C2) server.\u003c/li\u003e\n\u003cli\u003eThe attacker performs reconnaissance on the compromised system to identify sensitive data and potential targets.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates sensitive data, deploys ransomware, or performs other malicious activities depending on their objectives.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe compromise of the Trivy scanner represents a significant supply chain risk. Given Trivy\u0026rsquo;s widespread adoption, a successful attack could impact thousands of organizations across various sectors. The impact ranges from data breaches and financial losses due to ransomware to reputational damage and disruption of critical services. 
The exact number of affected organizations is currently unknown, but the potential scope is substantial.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement network connection monitoring and deploy the Sigma rule \u0026ldquo;Detect Suspicious Outbound Connection from Trivy\u0026rdquo; to identify potentially compromised Trivy instances attempting to communicate with malicious C2 servers.\u003c/li\u003e\n\u003cli\u003eMonitor process creations and deploy the Sigma rule \u0026ldquo;Detect Suspicious Trivy Execution\u0026rdquo; to identify anomalies in Trivy execution behavior.\u003c/li\u003e\n\u003cli\u003eImplement integrity monitoring for Trivy binaries and configuration files to detect unauthorized modifications.\u003c/li\u003e\n\u003cli\u003eConduct thorough security audits of your CI/CD pipelines and software supply chain to identify and mitigate potential vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-22T00:00:00Z","date_published":"2026-03-22T00:00:00Z","id":"/briefs/2026-03-trivy-supply-chain/","summary":"The widely used Trivy scanner has been compromised in an ongoing supply chain attack, potentially impacting numerous organizations using the tool for vulnerability management.","title":"Trivy Scanner Compromised in Supply Chain Attack","url":"https://feed.craftedsignal.io/briefs/2026-03-trivy-supply-chain/"}],"language":"en","title":"CraftedSignal Threat Feed — Trivy","version":"https://jsonfeed.org/version/1.1"}