[MilnerRoute]

Briefly?

"Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages"

https://it.slashdot.org/story/26/03/22/0039257/trivy-supply-...

[zach_vantio]

"Briefly" is doing a lot of work there. Pre-deploy scans are useless once a bad mutation is actually live. If you don't have a way to auto-revert the infrastructure state instantly, you're just watching the fire spread.

[brightball]

Seriously. All credentials compromised that it can see. It's active in CI/CD pipelines and follow on attacks are happening.