The GitHub Actions maintained for Trivy, Aqua Security's widely used open-source vulnerability scanner, were compromised, and the attackers used that access to deploy malware designed to steal sensitive CI/CD secrets. This is the second significant breach affecting Trivy within a single month. The attackers hijacked 75 distinct tags belonging to the `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` GitHub repositories. These actions are used in many CI/CD pipelines, typically to scan Docker container images for known vulnerabilities and to set up the workflow environment they need. The breach allowed malicious code to be injected into those pipelines, enabling the exfiltration of credentials and tokens directly from development and deployment environments. The repeated exploitation of a trusted security utility within the software supply chain highlights a significant blind spot: relying on such tools without rigorous verification exposes critical infrastructure to supply chain attacks, which makes a robust third-party security assessment imperative.
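Because the attack worked by repointing existing tags, any workflow that references an action by tag (`@v1`, `@0.28.0`) silently picks up whatever the tag points at today, while a reference pinned to a full 40-character commit SHA does not move. The following script, an added example that is not part of the original article and not Aqua Security's code, scans workflow YAML text for `uses:` references and reports every one that is pinned to a mutable tag or branch instead of a commit SHA. The sample workflow, the version tags in it and the SHA in the last step are constructed for the example.

```python
"""Report GitHub Actions `uses:` references that point at a mutable tag or
branch rather than an immutable commit SHA.

Added example; the sample workflow below is constructed, not a real pipeline.
"""
import re

# Matches `uses: owner/repo[/subpath]@ref`. Local `./path` actions and
# `docker://` images never match because they have no `owner/repo@ref` shape.
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*['"]?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s'"#]+)"""
)
# A full commit SHA is exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(workflow_text):
    """Return (line_no, action, ref) for every reference that is not a full SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        action, ref = match.group(1), match.group(2)
        if not SHA_RE.match(ref):
            findings.append((line_no, action, ref))
    return findings


# Constructed sample workflow: three tag-pinned steps and one SHA-pinned step.
# The version tags and the 40-hex SHA are placeholders, not real releases.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: myorg/app:latest
      - uses: actions/upload-artifact@ab5e6d0c87105b4c9c2f343b0a0f6f0f1f5f8c1e
"""

if __name__ == "__main__":
    for line_no, action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action} is pinned to mutable ref '{ref}'")
```

Run against a real repository by feeding it the contents of each file under `.github/workflows/`; every reported line is a place where a hijacked tag would be pulled into the pipeline unnoticed, and the fix is to replace the tag with the commit SHA it currently resolves to (keeping the tag in a trailing comment for readability).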