March 19
Stage 1
Trivy Ecosystem Compromise
Release & tag hijacking across Aqua Security's GitHub Actions and binaries. Credential harvesting from CI runners.
Backdoored:
trivy@0.69.4–0.69.6
trivy-action (all tags)
setup-trivy@0.2.0–0.2.6
March 20–22
Stage 2
CanisterWorm & GitHub Abuse
Self-propagating npm worm backdoored 40+ packages. Aqua Security's GitHub org defaced (44 repos renamed).
Backdoored:
@emilgroup/* (45 pkgs)
@opengov/* (16 pkgs)
+ 5 other packages
March 23
Stage 3
KICS & OpenVSX Compromise
GitHub Actions tags hijacked across KICS and Checkmarx repos. Malicious VSCode extensions published via OpenVSX.
Backdoored:
kics-action (35 tags)
ast-action@v2.3.28
ast-results@2.53.0
cx-dev-assist@1.7.0
March 24
Stage 4
LiteLLM Compromised on PyPI
Two malicious PyPI releases with full attack chain: credential exfiltration, persistence, and lateral movement.
Backdoored:
litellm@1.82.7
litellm@1.82.8
March 27
Stage 5
Telnyx Compromised on PyPI
Versions 4.87.1 and 4.87.2 of the 'telnyx' PyPI package compromised.
Backdoored:
telnyx@4.87.1
telnyx@4.87.2
Docker image
GitHub Action
npm package
PyPI package
OpenVSX extension
Datadog Security Labs