On March 19, 2026, the Trivy vulnerability scanner was compromised for the second time in three weeks. Attackers force-pushed 75 out of 76 version tags in aquasecurity/trivy-action to deliver an infostealer that scrapes runner memory, harvests cloud credentials, and exfiltrates everything via encrypted channels. Here’s my full analysis of the malware payload and what you need to do if your workflows were affected.

We live in a world where almost everything is digital. To manage the digital world, we need digital accounts. It can be an online bank account, an online wallet or even a Facebook profile. When it comes to online systems, we need to pay close attention to its security and safety, but no matter how secure the system is, its weak point will always be the user.

I will teach you how not to be a weak point in global systems and how to secure your online accounts.