ASI A.I CyberSecurity Scoring
ASI
Company Information
Website:http://www.aqua-aerobic.com
Employees number:224
Number of followers:5,424
NAICS:54162
Industry Type:Environmental Services
Homepage:aqua-aerobic.com
ASI Risk Score (AI oriented)
Between 700 and 749
ASIEnvironmental Services
Updated:
25/03/2026
25/03/2026
735/1000
Moderate
Ba
ASI Global Score (TPRM)
xxxx
ASIEnvironmental Services
Score locked

ASIModerate
Current Score
735Ba (MODERATE)
01000
1 incidents
-17 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
737
JUNE 2026
737
MAY 2026
736
APRIL 2026
736
MARCH 2026
752
Cyber Attack
25 Mar 2026 • ASI
Organizations using Trivy in automated workflows and Aqua Security: Aqua Security’s Trivy Scanner Hit by Supply Chain Attack
Sophisticated Supply Chain Attack Targets Trivy Vulnerability Scanner, Exposing CI/CD Risks
735
CRITICAL-17
SEMAQU1774434920
Sophisticated Supply Chain Attack Targets Trivy Vulnerability Scanner, Exposing CI/CD Risks
Aqua Security uncovered a sophisticated supply chain attack targeting its open-source Trivy vulnerability scanner, demonstrating how threat actors can exploit trusted development workflows to steal sensitive data without detection. The incident, which did not impact Aqua’s commercial products, highlights critical vulnerabilities in CI/CD pipelines.
### Attack Overview
Rather than distributing a malicious binary, attackers hijacked existing GitHub repositories aquasecurity/trivy-action and setup-trivy using stolen credentials. By force-pushing malicious commits to version tags (e.g., v0.x), they ensured automated pipelines pulled compromised code. Since many organizations rely on mutable tags instead of immutable commit hashes, the altered code executed undetected.
The injected payload ran before Trivy’s legitimate scanning process, allowing workflows to complete normally while exfiltrating high-value secrets, including:
- Cloud credentials (AWS, GCP, Azure)
- API tokens and access keys
- SSH private keys
- Kubernetes service account tokens
- Docker configuration files
Given CI/CD pipelines’ broad infrastructure access, this could enable lateral movement, privilege escalation, and full environment compromise.
### Timeline & Persistence
- Late February 2026: Initial compromise occurred.
- March 1: Incomplete credential rotation allowed attackers to retain access.
- March 22: Additional suspicious activity suggested attempts to reestablish persistence, indicating a multi-stage operation.
Aqua revoked compromised credentials, removed malicious artifacts, and transitioned away from long-lived tokens. Incident response firm Sygnia assisted in forensic investigation and containment. The company confirmed its commercial platform remained unaffected due to strict architectural separation, including isolated infrastructure and gated security reviews.
### Mitigation & Indicators of Compromise
Organizations using Trivy in automated workflows should:
- Upgrade to Trivy v0.69.2 or v0.69.3
- Use safe GitHub Action versions: trivy-action v0.35.0 or setup-trivy v0.2.6
- Rotate all secrets if v0.69.4 was executed in any pipeline
Security teams should monitor and block the following indicators:
- Domain: scan.aquasecurtiy[.]org
- IP Address: 45.148.10.212
- Secondary C2: plug-tab-protective-relay.trycloudflare.com
- GitHub repo: Unauthorized tpcp-docs
- ICP-based C2: tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io
### Key Takeaway
The attack exploited over-reliance on mutable version tags in CI/CD pipelines. A simple defensive measure pinning dependencies to immutable commit SHA hashes could have prevented the compromise. As CI/CD pipelines become prime targets, organizations must enforce strict access controls, monitoring, and dependency integrity validation to mitigate supply chain risks.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
752
JANUARY 2026
752
DECEMBER 2025
752
NOVEMBER 2025
752
OCTOBER 2025
752
SEPTEMBER 2025
752
AUGUST 2025
752
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for ASI ??
What was ASI's A.I Rankiteo Cyber Score in June 2026 ??
What was ASI's A.I Rankiteo Cyber Score in May 2026 ??
What was ASI's A.I Rankiteo Cyber Score in April 2026 ??
What was ASI's A.I Rankiteo Cyber Score in March 2026 ??
What was ASI's A.I Rankiteo Cyber Score in February 2026 ??
What was ASI's A.I Rankiteo Cyber Score in January 2026 ??
What was ASI's A.I Rankiteo Cyber Score in December 2025 ??
What was ASI's A.I Rankiteo Cyber Score in November 2025 ??
What was ASI's A.I Rankiteo Cyber Score in October 2025 ??
What was ASI's A.I Rankiteo Cyber Score in September 2025 ??
What was ASI's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on ASI's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with ASI ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view ASI's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?