A supply-chain attack by the TeamPCP threat actors compromised the Trivy vulnerability scanner, resulting in the distribution of credential-stealing malware through official releases and GitHub Actions. The attackers exploited the scanner's position in the software development lifecycle to push infostealing malware, highlighting the risks associated with third-party dependencies. Specifically, the breach used GitHub Actions to deliver the malware, leveraging the trust placed in automated build and deployment processes. The incident underscores the importance of securing the software supply chain, particularly for widely used tools like Trivy, which is designed to identify vulnerabilities in container images and other artifacts [1]. This breach matters to security practitioners because it demonstrates how attackers can exploit trusted tools to gain access to sensitive information, making it essential to implement robust security controls and monitor dependencies for signs of compromise.
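One control of the kind the paragraph calls for, shown as an added example that is not part of the original report: flag workflow `uses:` references that point at a tag or branch rather than a full commit SHA or image digest. The workflow, action names and SHA are constructed, and pinning is an assumed mitigation, not something the page states was the fix for this incident.

```python
import re

# Constructed sample workflow; action names and the SHA are hypothetical.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/build-action@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/scanner-action@v1
      - uses: example-org/scanner-action@main
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example-org/scanner:latest
      # - uses: example-org/commented-out@v2
"""

USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
SHA_RE = re.compile(r"[0-9a-f]{40}")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def classify(ref):
    """Return 'local', 'pinned', 'mutable' or 'unpinned' for one uses: value."""
    if ref.startswith("./"):
        return "local"  # lives in the same repository as the workflow
    if ref.startswith("docker://"):
        return "pinned" if DIGEST_RE.search(ref) else "mutable"
    _, sep, version = ref.partition("@")
    if not sep:
        return "unpinned"
    # Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
    return "pinned" if SHA_RE.fullmatch(version) else "mutable"

def audit(workflow_text):
    """List (line number, reference, status) for every reference that is not pinned."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            status = classify(match.group(1))
            if status in ("mutable", "unpinned"):
                findings.append((lineno, match.group(1), status))
    return findings

if __name__ == "__main__":
    for lineno, ref, status in audit(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is {status}")
```

A pinned SHA only fixes which commit runs; the commit itself still needs review each time the pin is updated.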