Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Chem-Aqua, Inc.

Chem-Aqua, Inc. Vendor Cyber Rating & Cyber Score

chemaqua.com

Chem-Aqua is a unique combination of knowledge, experience and stability. We specialize in providing custom designed water treatment programs for boiler, cooling, and process water systems. We help our customers minimize their energy, water, and maintenance costs while ensuring safe and reliable operation of these critical systems. Chem-Aqua has the expertise and commitment to help solve virtually any water related problem. We maintain modern, well-equipped analytical laboratories and cutting-edge research facilities. Our state-of-the-art products are manufactured to rigorous ISO 9001 specifications. Our field representatives are well trained and backed by some of the most experienced water treatment specialists in the business. Our Total


Chem-Aqua, Inc. A.I CyberSecurity Scoring

Chem-Aqua, Inc.
Company Information
Website:https://www.chemaqua.com/en-us/
Employees number:927
Number of followers:50,906
NAICS:325
Industry Type:Chemical Manufacturing
Homepage:chemaqua.com
Chem-Aqua, Inc. Risk Score (AI oriented)
Between 700 and 749
logo
Chem-Aqua, Inc.Chemical Manufacturing
Updated:
20/03/2026
740/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Chem-Aqua, Inc. Global Score (TPRM)
xxxx
logo
Chem-Aqua, Inc.Chemical Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Chem-Aqua, Inc.
Chem-Aqua, Inc.Moderate
Current Score
740Ba (MODERATE)
01000
1 incidents
-19 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
742Before Incident
JUNE 2026
742Before Incident
MAY 2026
742Before Incident
APRIL 2026
741Before Incident
MARCH 2026
759Before Incident
Cyber Attack
01 Mar 2026Chem-Aqua, Inc.
GitHub and Aqua Security: Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy Open-Source Scanner Compromised Again in Supply Chain Attack

740After Incident
CRITICAL-19
GITCHE1774031536
Trivy Open-Source Scanner Compromised Again in Supply Chain Attack Aqua Security’s popular open-source vulnerability scanner, Trivy, was compromised for the second time in a month, leading to the distribution of malware designed to steal sensitive CI/CD secrets from GitHub Actions environments. The attack targeted two official GitHub Actions repositories `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` which are widely used to scan Docker images and configure Trivy in workflows. Security researcher Philipp Burckhardt of Socket revealed that attackers force-pushed 75 out of 76 version tags in the `trivy-action` repository, replacing legitimate code with a Python-based infostealer. The malware executes in GitHub Actions runners, harvesting credentials such as SSH keys, cloud provider tokens, database passwords, Kubernetes tokens, and cryptocurrency wallet details. A similar attack affected seven tags in the `setup-trivy` repository. This marks the second supply chain breach involving Trivy in recent weeks. In late February and early March 2026, an autonomous bot (hackerbot-claw) exploited a `pull_request_target` workflow to steal a Personal Access Token (PAT), gaining control of the repository. The attackers then deleted release versions and pushed malicious updates to Trivy’s VS Code extension on Open VSX. The compromised version (0.69.4) executed both legitimate Trivy scans and a data-stealing payload, which: - Scanned systems for environment variables and credentials. - Exfiltrated data via HTTP POST requests to `scan.aquasecurtiy[.]org`. - Established persistence via a systemd service (`sysmon.py`) that fetched and executed additional payloads. Aqua Security confirmed that the attackers abused compromised credentials to publish malicious releases. Unlike typical supply chain attacks, the adversaries rewrote existing tags rather than creating new releases, making detection harder. The exact credential used remains unclear, but the breach stemmed from incomplete containment of the earlier hackerbot-claw incident. Aqua Security acknowledged that token rotation was not atomic, allowing attackers to retain access. The malware operates in three stages: 1. Harvesting environment variables from memory and the filesystem. 2. Encrypting the stolen data. 3. Exfiltrating it to the attacker-controlled server or, if blocked, abusing the victim’s GitHub account to store data in a public repository named `tpcp-docs`. While attribution is unconfirmed, TeamPCP (also known as DeadCatx3, PCPcat, or ShellForce) is suspected due to code self-identification as the "TeamPCP Cloud stealer" and technical overlaps with the group’s known cloud-native theft operations. The focus on Solana validator keys and cryptocurrency wallets aligns with TeamPCP’s financial motivations, though the self-labeling could be a false flag. Aqua Security has since locked down automated actions and tokens to prevent further abuse. The incident underscores risks in tag-based dependency management, as attackers exploited mutable version tags to distribute malware. Security researchers recommend pinning GitHub Actions to full SHA hashes to mitigate similar attacks.
INCIDENT DETAILS -
TYPE
Supply Chain Attack
MOTIVATION
Financial gain (cryptocurrency theft, credential harvesting)
IMPACT
Data Compromised: CI/CD secrets, SSH keys, cloud provider tokens, database passwords, Kubernetes tokens, cryptocurrency wallet details, environment variablesSystems Affected: GitHub Actions runners, Trivy VS Code extension (version 0.69.4), Trivy GitHub Actions repositories (`aquasecurity/trivy-action`, `aquasecurity/setup-trivy`)Operational Impact: Malware execution in CI/CD pipelines, credential theft, potential lateral movement in cloud environmentsBrand Reputation Impact: High (second breach in a month, compromised open-source tool)Identity Theft Risk: High (PII and credentials stolen)
DATA BREACH
CI/CD secretsSSH keysCloud provider tokensDatabase passwordsKubernetes tokensCryptocurrency wallet detailsEnvironment variablesSensitivity Of Data: High (credentials, PII, financial data)Data Exfiltration: Yes (HTTP POST to `scan.aquasecurtiy[.]org` or GitHub repository `tpcp-docs`)Data Encryption: Yes (stolen data was encrypted before exfiltration)Personally Identifiable Information: Yes (credentials, tokens, wallet details)
FEBRUARY 2026
759Before Incident
JANUARY 2026
759Before Incident
DECEMBER 2025
759Before Incident
NOVEMBER 2025
759Before Incident
OCTOBER 2025
759Before Incident
SEPTEMBER 2025
759Before Incident
AUGUST 2025
759Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Chem-Aqua, Inc. ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in June 2026 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in May 2026 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in April 2026 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in March 2026 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in February 2026 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in January 2026 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in December 2025 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in November 2025 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in October 2025 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in September 2025 ?
?
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Chem-Aqua, Inc. ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Chem-Aqua, Inc.'s profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?