Security Advisories

This page tracks security vulnerabilities that affect AccuKnox products and the third-party components we depend on. We disclose in accordance with coordinated responsible disclosure principles.

Report a Vulnerability

Severity

Critical

Status

Active

May 25, 2026

Trivy Supply Chain Compromise - Credential Exfiltration via Malicious GitHub Actions

Threat actor group TeamPCP injected credential-stealing malware into Trivy vO.69.4 and vO.69.5, and force-pushed to trivy-action and setup-trivy. AccuKnox infrastructure is not directly vulnerable. Credential rotation recommended.

Download PDF

Compliance Features

CloudSec Features

AppSec Features

WorkloadSec Features

AI Security Features

5G/OT Sec Features

View All Projects

Security Roadmap

Compliance Features

CloudSec Features

AppSec Features

WorkloadSec Features

AI Security Features

5G/OT Sec Features

View All Projects

Security Roadmap

Deployment Models

Security Across Industries

Technologies

Use Cases

Partner Type

Partner Programs

Security Advisories

Trivy Supply Chain Compromise - Credential Exfiltration via Malicious GitHub Actions