# OSINT Post — @thehackernews msg 8644

*Friday, March 20, 2026 at 5:50 PM UTC — Hamer Intelligence Services Desk*

**Posted**: 2026-03-20T17:50:35.000Z (2mo ago)
**Fetched**: 2026-03-21T21:32:24.263Z (2mo ago)
**Views**: 6
**Media**: photo
**Link**: https://t.me/thehackernews/8644
**Permalink**: https://hamerintel.com/data/posts/2488.md
**Source**: https://hamerintel.com/sources

---

🛑 ALERT - Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer.It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs.🔗 Attack flow, impacted versions, fixes → https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html