Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Aqua-Aerobic Systems, Inc.

Aqua-Aerobic Systems, Inc. Vendor Cyber Rating & Cyber Score

aqua-aerobic.com

Aqua-Aerobic Systems, Inc. services its customers around the world with performance-proven, quality products and systems that are adaptable to the changing demands of the water and wastewater treatment industry. Our markets range from small to medium sized municipalities to large metro areas around the world, including both domestic and industrial waste streams. We pride ourselves on establishing life-long relationships by fully understanding our customers’ needs while working collaboratively to provide the best treatment solution at the lowest cost of ownership over the life of the plant.


ASI A.I CyberSecurity Scoring

ASI
Company Information
Website:http://www.aqua-aerobic.com
Employees number:224
Number of followers:5,424
NAICS:54162
Industry Type:Environmental Services
Homepage:aqua-aerobic.com
ASI Risk Score (AI oriented)
Between 700 and 749
logo
ASIEnvironmental Services
Updated:
25/03/2026
735/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
ASI Global Score (TPRM)
xxxx
logo
ASIEnvironmental Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

ASI
ASIModerate
Current Score
735Ba (MODERATE)
01000
1 incidents
-17 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
737Before Incident
JUNE 2026
737Before Incident
MAY 2026
736Before Incident
APRIL 2026
736Before Incident
MARCH 2026
752Before Incident
Cyber Attack
25 Mar 2026ASI
Organizations using Trivy in automated workflows and Aqua Security: Aqua Security’s Trivy Scanner Hit by Supply Chain Attack

Sophisticated Supply Chain Attack Targets Trivy Vulnerability Scanner, Exposing CI/CD Risks

735After Incident
CRITICAL-17
SEMAQU1774434920
Sophisticated Supply Chain Attack Targets Trivy Vulnerability Scanner, Exposing CI/CD Risks Aqua Security uncovered a sophisticated supply chain attack targeting its open-source Trivy vulnerability scanner, demonstrating how threat actors can exploit trusted development workflows to steal sensitive data without detection. The incident, which did not impact Aqua’s commercial products, highlights critical vulnerabilities in CI/CD pipelines. ### Attack Overview Rather than distributing a malicious binary, attackers hijacked existing GitHub repositories aquasecurity/trivy-action and setup-trivy using stolen credentials. By force-pushing malicious commits to version tags (e.g., v0.x), they ensured automated pipelines pulled compromised code. Since many organizations rely on mutable tags instead of immutable commit hashes, the altered code executed undetected. The injected payload ran before Trivy’s legitimate scanning process, allowing workflows to complete normally while exfiltrating high-value secrets, including: - Cloud credentials (AWS, GCP, Azure) - API tokens and access keys - SSH private keys - Kubernetes service account tokens - Docker configuration files Given CI/CD pipelines’ broad infrastructure access, this could enable lateral movement, privilege escalation, and full environment compromise. ### Timeline & Persistence - Late February 2026: Initial compromise occurred. - March 1: Incomplete credential rotation allowed attackers to retain access. - March 22: Additional suspicious activity suggested attempts to reestablish persistence, indicating a multi-stage operation. Aqua revoked compromised credentials, removed malicious artifacts, and transitioned away from long-lived tokens. Incident response firm Sygnia assisted in forensic investigation and containment. The company confirmed its commercial platform remained unaffected due to strict architectural separation, including isolated infrastructure and gated security reviews. ### Mitigation & Indicators of Compromise Organizations using Trivy in automated workflows should: - Upgrade to Trivy v0.69.2 or v0.69.3 - Use safe GitHub Action versions: trivy-action v0.35.0 or setup-trivy v0.2.6 - Rotate all secrets if v0.69.4 was executed in any pipeline Security teams should monitor and block the following indicators: - Domain: scan.aquasecurtiy[.]org - IP Address: 45.148.10.212 - Secondary C2: plug-tab-protective-relay.trycloudflare.com - GitHub repo: Unauthorized tpcp-docs - ICP-based C2: tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io ### Key Takeaway The attack exploited over-reliance on mutable version tags in CI/CD pipelines. A simple defensive measure pinning dependencies to immutable commit SHA hashes could have prevented the compromise. As CI/CD pipelines become prime targets, organizations must enforce strict access controls, monitoring, and dependency integrity validation to mitigate supply chain risks.
INCIDENT DETAILS -
TYPE
Supply Chain Attack
MOTIVATION
Data exfiltration, lateral movement, privilege escalation
IMPACT
Data Compromised: Cloud credentials (AWS, GCP, Azure), API tokens, access keys, SSH private keys, Kubernetes service account tokens, Docker configuration filesSystems Affected: CI/CD pipelines using compromised Trivy versionsOperational Impact: Potential full environment compromise, lateral movementIdentity Theft Risk: High (PII and credentials exposed)
DATA BREACH
Cloud credentialsAPI tokensAccess keysSSH private keysKubernetes service account tokensDocker configuration filesSensitivity Of Data: HighPersonally Identifiable Information: Credentials and access tokens
FEBRUARY 2026
752Before Incident
JANUARY 2026
752Before Incident
DECEMBER 2025
752Before Incident
NOVEMBER 2025
752Before Incident
OCTOBER 2025
752Before Incident
SEPTEMBER 2025
752Before Incident
AUGUST 2025
752Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for ASI ?
?
What was ASI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was ASI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was ASI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was ASI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was ASI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was ASI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was ASI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was ASI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was ASI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was ASI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was ASI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on ASI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with ASI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view ASI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Aqua-Aerobic Systems, Inc. Cyber Scoring History | Rankiteo