CVE-2026-33634
Trivy ecosystem supply chain briefly compromised
Exploitation IoCs (2)
Domain: scan.aquasecurtiy.org
IP: 45.148.10.212
MITRE ATT&CK TTPs (4)
T1005: Data from Local System (Collection)
T1059.001: PowerShell (Execution)
T1071.001: Web Protocols (Command and Control)
T1566: Phishing (Initial Access)
Source Articles
10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
In March 2026, the threat actor TeamPCP compromised 76 version tags of the aquasecurity/trivy-action GitHub Action by injecting a credential stealer, exploiting elevated privileges to harvest secrets from memory and exfiltrate them to a malicious domain. The same actor targeted other platforms including PyPI packages litellm and telnyx, and previously compromised the Checkmarx KICS GitHub Action using similar tactics. These supply chain attacks highlight a broader trend of targeting CI/CD pipelines to steal credentials and cloud tokens. The attacks leveraged typosquatted domains and memory scraping techniques, underscoring the need for layered defenses in GitHub Actions environments.
step-security
Jul 2, 2026