Chem-Aqua, Inc. A.I CyberSecurity Scoring
Chem-Aqua, Inc.
Company Information
Website:https://www.chemaqua.com/en-us/
Employees number:927
Number of followers:50,906
NAICS:325
Industry Type:Chemical Manufacturing
Homepage:chemaqua.com
Chem-Aqua, Inc. Risk Score (AI oriented)
Between 700 and 749
Chem-Aqua, Inc.Chemical Manufacturing
Updated:
20/03/2026
20/03/2026
740/1000
Moderate
Ba
Chem-Aqua, Inc. Global Score (TPRM)
xxxx
Chem-Aqua, Inc.Chemical Manufacturing
Score locked

Chem-Aqua, Inc.Moderate
Current Score
740Ba (MODERATE)
01000
1 incidents
-19 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
742
JUNE 2026
742
MAY 2026
742
APRIL 2026
741
MARCH 2026
759
Cyber Attack
01 Mar 2026 • Chem-Aqua, Inc.
GitHub and Aqua Security: Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy Open-Source Scanner Compromised Again in Supply Chain Attack
740
CRITICAL-19
GITCHE1774031536
Trivy Open-Source Scanner Compromised Again in Supply Chain Attack
Aqua Security’s popular open-source vulnerability scanner, Trivy, was compromised for the second time in a month, leading to the distribution of malware designed to steal sensitive CI/CD secrets from GitHub Actions environments. The attack targeted two official GitHub Actions repositories `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` which are widely used to scan Docker images and configure Trivy in workflows.
Security researcher Philipp Burckhardt of Socket revealed that attackers force-pushed 75 out of 76 version tags in the `trivy-action` repository, replacing legitimate code with a Python-based infostealer. The malware executes in GitHub Actions runners, harvesting credentials such as SSH keys, cloud provider tokens, database passwords, Kubernetes tokens, and cryptocurrency wallet details. A similar attack affected seven tags in the `setup-trivy` repository.
This marks the second supply chain breach involving Trivy in recent weeks. In late February and early March 2026, an autonomous bot (hackerbot-claw) exploited a `pull_request_target` workflow to steal a Personal Access Token (PAT), gaining control of the repository. The attackers then deleted release versions and pushed malicious updates to Trivy’s VS Code extension on Open VSX. The compromised version (0.69.4) executed both legitimate Trivy scans and a data-stealing payload, which:
- Scanned systems for environment variables and credentials.
- Exfiltrated data via HTTP POST requests to `scan.aquasecurtiy[.]org`.
- Established persistence via a systemd service (`sysmon.py`) that fetched and executed additional payloads.
Aqua Security confirmed that the attackers abused compromised credentials to publish malicious releases. Unlike typical supply chain attacks, the adversaries rewrote existing tags rather than creating new releases, making detection harder. The exact credential used remains unclear, but the breach stemmed from incomplete containment of the earlier hackerbot-claw incident. Aqua Security acknowledged that token rotation was not atomic, allowing attackers to retain access.
The malware operates in three stages:
1. Harvesting environment variables from memory and the filesystem.
2. Encrypting the stolen data.
3. Exfiltrating it to the attacker-controlled server or, if blocked, abusing the victim’s GitHub account to store data in a public repository named `tpcp-docs`.
While attribution is unconfirmed, TeamPCP (also known as DeadCatx3, PCPcat, or ShellForce) is suspected due to code self-identification as the "TeamPCP Cloud stealer" and technical overlaps with the group’s known cloud-native theft operations. The focus on Solana validator keys and cryptocurrency wallets aligns with TeamPCP’s financial motivations, though the self-labeling could be a false flag.
Aqua Security has since locked down automated actions and tokens to prevent further abuse. The incident underscores risks in tag-based dependency management, as attackers exploited mutable version tags to distribute malware. Security researchers recommend pinning GitHub Actions to full SHA hashes to mitigate similar attacks.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
759
JANUARY 2026
759
DECEMBER 2025
759
NOVEMBER 2025
759
OCTOBER 2025
759
SEPTEMBER 2025
759
AUGUST 2025
759
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Chem-Aqua, Inc. ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in June 2026 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in May 2026 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in April 2026 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in March 2026 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in February 2026 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in January 2026 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in December 2025 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in November 2025 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in October 2025 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in September 2025 ??
What was Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Chem-Aqua, Inc.'s A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Chem-Aqua, Inc. ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Chem-Aqua, Inc.'s profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?