2 posts tagged with "Supply Chain"

On March 19, 2026, threat actors hijacked Aqua Security's Trivy vulnerability scanner, one of the most widely used container security tools in the open-source ecosystem, and turned it into an infostealer that exfiltrated every secret it could find from CI/CD pipelines.

If your team runs trivy-action in GitHub Actions to scan Docker images before deploying to GPU cloud infrastructure, your GPU cloud API keys, HuggingFace tokens, Weights & Biases credentials, and cloud IAM keys may have been stolen.

The attack affected 75 of 76 release tags across a roughly 12-hour window. Over 10,000 GitHub workflow files reference trivy-action, and StepSecurity's Harden-Runner telemetry detected compromised instances making outbound connections to attacker infrastructure across 12,000+ public repositories.

This post breaks down exactly what happened, what was stolen, why ML engineers face outsized risk, and the precise steps you need to take right now.

The global semiconductor industry is experiencing a structural memory shortage that has reshaped GPU availability, pricing, and procurement strategy across every computing sector. This is not a repeat of the pandemic or crypto-era supply disruptions. According to IDC, it represents "a potentially permanent, strategic reallocation of the world's silicon wafer capacity" toward high-margin AI memory products. The consequences extend from data center GPU lead times stretching beyond 30 weeks to consumer DRAM prices doubling quarter over quarter, with relief not expected before late 2027 at the earliest. For organizations that depend on GPU compute, the question is no longer when supply normalizes but how to secure access in a market where every wafer is spoken for.