← Back to context

Comment by MilnerRoute

5 days ago

Briefly?

"Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages"

https://it.slashdot.org/story/26/03/22/0039257/trivy-supply-...

2 comments

MilnerRoute

Reply
zach_vantio  5 days ago

"Briefly" is doing a lot of work there. Pre-deploy scans are useless once a bad mutation is actually live. If you don't have a way to auto-revert the infrastructure state instantly, you're just watching the fire spread.

brightball  5 days ago

Seriously. All credentials compromised that it can see. It's active in CI/CD pipelines and follow on attacks are happening.