CatOps | You may already know that Trivy - a popular security scanner - was com...
2026-03-24 08:22
Message №2873
You may already know that Trivy - a popular security scanner - was compromised last Friday.
- Here is a report by Wiz about this breach.
- Here is another article that goes beyond the GitHub Actions exploit.

If you run Trivy in any form, including locally, double-check what you ran and when.

Check whether your CI logs contain lines like the one below, especially if you don't normally use curl in your CI:

Terminate orphan process: pid (xxxx) (curl)

Check whether this file exists on your local machine or on a non-GHA executor: ~/.config/systemd/user/sysmon.py

You may need to rotate a lot of credentials as fallout from this breach.

Also, as harsh as it sounds, this line from one of the articles above makes sense:

"Stop using Trivy. This isn't the first time Aqua Security's infrastructure has been compromised, and the `aqua-bot` account that enabled this attack was reportedly left exposed from a previous incident earlier in March that was never fully contained. That's not a one-off failure; it's an organizational pattern. A security scanning tool that can't secure its own supply chain is a liability, not an asset. Remove `trivy-action` from your workflows and the Trivy CLI from your toolchains."
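An added triage helper (my example, not code from the CatOps post or from the Trivy project) that checks the two indicators named above: the orphan curl line in a CI log and the sysmon.py path under a home directory. The function names and the sample log it writes are constructed; the pid value in the pattern is assumed to be numeric.

```shell
#!/usr/bin/env sh
# Triage helper for the two indicators described in the post (example code).

# ERE for the CI log line quoted in the post. The post shows the pid as
# (xxxx); a numeric pid is assumed here.
ORPHAN_CURL_PATTERN='Terminate orphan process: pid \([0-9]+\) \(curl\)'

# Count matching lines in a CI log file. Prints the count on stdout and
# returns 0 when at least one hit was found, 1 otherwise.
scan_ci_log() {
    log_file="$1"
    count=$(grep -E -c "$ORPHAN_CURL_PATTERN" "$log_file" || true)
    echo "$count"
    [ "$count" -gt 0 ]
}

# Report whether the path named in the post exists under a home directory.
# The argument defaults to $HOME; pass another directory to inspect a mounted
# image or a copied executor filesystem. Returns 0 if the file is present.
check_sysmon_file() {
    home_dir="${1:-$HOME}"
    target="$home_dir/.config/systemd/user/sysmon.py"
    if [ -e "$target" ]; then
        # Linux stat first, BSD/macOS stat as fallback, for the mtime.
        mtime=$(stat -c %y "$target" 2>/dev/null || stat -f %Sm "$target")
        echo "FOUND: $target (modified: $mtime)"
        return 0
    fi
    echo "not present: $target"
    return 1
}

# Constructed sample CI log (not real data) so the helper can be tried offline.
write_sample_log() {
    cat > "$1" <<'EOF'
Run trivy-action step
Downloading vulnerability DB...
Terminate orphan process: pid (4242) (curl)
Post job cleanup.
EOF
}
```

Run `scan_ci_log` over each exported CI log and `check_sysmon_file` on every machine and executor that ran Trivy during the affected window; any hit means the credentials available to that job or host should be treated as exposed.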
#security