Full Report
Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won’t know the full blast radius for months. Both targeted popular open source projects that are used by a ton of organizations and integrated into…
Analysis Summary
# Incident Report: Dual Supply Chain Compromise of Trivy and Axios
## Executive Summary
In March 2026, two separate supply chain attacks targeted high-profile open-source projects, Trivy and Axios, by poisoning their codebases with malware. The attackers leveraged these trusted tools to harvest secrets and credentials from tens of thousands of organizations, creating a massive "blast radius" that affects CI/CD pipelines and cloud environments globally.
## Incident Details
- **Discovery Date:** April 2026 (Public reporting)
- **Incident Date:** March 2026
- **Affected Organizations:** Users of Trivy (100,000+ users) and Axios (100M+ weekly downloads)
- **Sector:** Information Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 2026
- **Vector:** Software Supply Chain Compromise / Poisoned Open Source Dependencies.
- **Details:** Attackers successfully injected malicious code into the legitimate repositories of Trivy (a vulnerability scanner) and Axios (a JavaScript HTTP client).
### Lateral Movement
- **Details:** Once the malicious versions were downloaded or integrated, the malware executed within developer environments, CI/CD pipelines, and cloud production servers, allowing access to the broader organizational infrastructure.
### Data Exfiltration/Impact
- **Details:** The primary objective was the theft of "secrets"—including API keys, environment variables, and authentication tokens—from compromised systems.
### Detection & Response
- **How it was discovered:** Not explicitly detailed in the report, but likely through community audit or behavioral anomalies in secondary targets.
- **Response actions taken:** General industry notification; ongoing assessment of the "blast radius" which is expected to take months to fully realize.
## Attack Methodology
- **Initial Access:** Supply Chain Poisoning (infecting open-source tools).
- **Persistence:** Integration into CI/CD pipelines; the malware remains active as long as the poisoned version of the tool is in use.
- **Privilege Escalation:** Not specified, but likely achieved through stolen high-privilege API keys/secrets.
- **Defense Evasion:** Use of legitimate, trusted open-source packages to bypass traditional perimeter security.
- **Credential Access:** Automated harvesting of secrets and environmental variables.
- **Discovery:** Scanning local developer environments and cloud metadata services.
- **Lateral Movement:** Using stolen secrets to move from developer workstations to cloud infrastructure.
- **Collection:** Automated gathering of authentication secrets.
- **Exfiltration:** Sending stolen secrets to attacker-controlled infrastructure.
- **Impact:** Potential for unauthorized data access, resource hijacking, and long-term compromise of downstream products.
## Impact Assessment
- **Financial:** Unknown; likely high due to potential follow-on breaches and required remediation.
- **Data Breach:** Massive theft of secrets/tokens from tens of thousands of organizations.
- **Operational:** Disruption of CI/CD pipelines as organizations scramble to purge poisoned versions.
- **Reputational:** Significant erosion of trust in the open-source software ecosystem.
## Indicators of Compromise
- **Network indicators:** Connections to unexpected external C2 servers (specific IPs/URLs not provided in source text).
- **File indicators:** Modified versions of `trivy` binaries or `axios` npm package files.
- **Behavioral indicators:** Unusual outbound traffic from CI/CD runners or unexpected environment variable access.
## Response Actions
- **Containment:** Organizations advised to pin software versions and audit external dependencies.
- **Eradication:** Removal of malicious versions and rotation of all secrets/tokens exposed during the infection window.
- **Recovery:** Restoration of build environments from known-good states.
## Lessons Learned
- **Dependency Risk:** Blindly trusting popular open-source packages without version pinning or binary verification is a major security gap.
- **Secret Management:** Secrets stored in plain text within CI/CD environment variables or local files are highly vulnerable to supply chain attacks.
- **Audit Limitations:** The scale of these attacks (80% of cloud environments for Axios) makes manual auditing nearly impossible for individual firms.
## Recommendations
- **Implement SBOMs:** Use Software Bill of Materials to track and manage third-party dependencies effectively.
- **Version Pinning:** Never use "latest" tags; lock versions and hash-check every dependency.
- **Secret Rotation:** Treat all environment secrets as compromised if a supply chain tool is flagged.
- **Runtime Monitoring:** Monitor CI/CD and developer environments for unauthorized network egress or file access.