GeistHaus

How a Typosquatted Domain and a Fake Version Tag Turned Trivy Into a Credential Stealer

rosesecurity.dev

On March 19, 2026, someone (or some group) poisoned the Aqua Security Trivy ecosystem. A tool that thousands of organizations rely on to find vulnerabilities in their container images and configurations was quietly turned into a weapon that stole their secrets instead. I spent some time pulling apart the malicious code and cross-referencing findings from Wiz’s analysis, and figured the walkthrough was worth sharing. Here’s how it happened (and how a majority of the tech industry ignored the compromise because it was a Friday).

4 pages link to this URL
Technology Short Take 193 - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Welcome to Technology Short Take #193! I know it has only been a couple weeks since the last Tech Short Take, but I am guessing that readers won’t really mind another one. Here is my latest collection of articles and posts about data center-related technologies. Enjoy!

0 inbound links · article · en · Cloud, Containers, Go, IaC, Kubernetes, K8s, Docker, CNI, CRI-O, OCI, Linux, CLI, Networking, AWS, Security, DevOps, Cilium