Discussion
snailmailman: Are the spam comments all from compromised accounts, presumably compromised due to this hack? I only clicked on a handful of accounts, but several of them have plausibly real-looking profiles.
bakugo: Some of them were likely already compromised before these incidents. Here's one of the accounts near the top making malicious commits to its own repository before the first hack: https://github.com/Hancie123/mero_hostel_backend/commit/4bcb...
RS-232: Pretty ironic that the security tool is insecure
wswin: what comments?
Shank: This attack seems predicated on a prior security incident (https://socket.dev/blog/unauthorized-ai-agent-execution-code...) at Trivy where they failed to successfully remediate and contain the damage. I think at this time, Trivy should’ve undertaken a full reassessment of risks and clearly isolated credentials and reduced risk systemically. This did not happen, and the second compromise occurred.
MilnerRoute: Briefly? "Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages" https://it.slashdot.org/story/26/03/22/0039257/trivy-supply-...
zach_vantio: "Briefly" is doing a lot of work there. Pre-deploy scans are useless once a bad mutation is actually live. If you don't have a way to auto-revert the infrastructure state instantly, you're just watching the fire spread.