Trivy and European Commission: Cyber Security News ®’s Post

European Commission Hit by Major Supply-Chain Attack via Compromised Trivy Scanner

On April 3, 2026, CERT-EU issued an advisory revealing a sophisticated supply-chain attack targeting the European Commission (EC) through a compromised version of Trivy, a widely used open-source vulnerability scanner. The threat actor, identified as TeamPCP, exploited a flaw in the tool’s continuous integration and continuous delivery (CI/CD) pipeline to harvest AWS API keys, enabling large-scale data exfiltration.

The breach resulted in the theft of over 340 GB of uncompressed data, affecting 71 clients hosted on the Europa web hosting service, the EC’s primary digital platform. The attack underscores the growing risk of trusted open-source tools as vectors for cyber threats, particularly when integrated into critical infrastructure.

CERT-EU’s findings highlight the severity of the incident, which leveraged a seemingly secure component to gain unauthorized access to sensitive cloud environments. No further details on the nature of the exfiltrated data or remediation efforts have been disclosed.

Source: https://www.linkedin.com/feed/update/urn:li:activity:7445734744140603392

Aqua Security cybersecurity rating report: https://www.rankiteo.com/company/aquasecteam

European Commission cybersecurity rating report: https://www.rankiteo.com/company/european-commission

{
  "id": "AQUEUR1775205235",
  "linkid": "aquasecteam, european-commission",
  "type": "Vulnerability",
  "date": "4/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': '71 clients',
                        'industry': 'Public Sector',
                        'location': 'Europe',
                        'name': 'European Commission',
                        'type': 'Government'}],
 'attack_vector': 'Compromised open-source tool (Trivy)',
 'data_breach': {'data_exfiltration': 'Yes'},
 'date_detected': '2026-04-03',
 'date_publicly_disclosed': '2026-04-03',
 'description': 'On April 3, 2026, CERT-EU issued an advisory revealing a '
                'sophisticated supply-chain attack targeting the European '
                'Commission (EC) through a compromised version of Trivy, a '
                'widely used open-source vulnerability scanner. The threat '
                'actor, identified as TeamPCP, exploited a flaw in the tool’s '
                'continuous integration and continuous delivery (CI/CD) '
                'pipeline to harvest AWS API keys, enabling large-scale data '
                'exfiltration. The breach resulted in the theft of over 340 GB '
                'of uncompressed data, affecting 71 clients hosted on the '
                'Europa web hosting service, the EC’s primary digital '
                'platform. The attack underscores the growing risk of trusted '
                'open-source tools as vectors for cyber threats, particularly '
                'when integrated into critical infrastructure.',
 'impact': {'data_compromised': '340 GB of uncompressed data',
            'systems_affected': 'Europa web hosting service'},
 'initial_access_broker': {'entry_point': 'Compromised Trivy scanner (CI/CD '
                                          'pipeline)',
                           'high_value_targets': 'AWS API keys'},
 'post_incident_analysis': {'root_causes': 'Exploitation of trusted '
                                           'open-source tool in critical '
                                           'infrastructure'},
 'references': [{'source': 'CERT-EU Advisory'}],
 'threat_actor': 'TeamPCP',
 'title': 'European Commission Hit by Major Supply-Chain Attack via '
          'Compromised Trivy Scanner',
 'type': 'Supply-Chain Attack',
 'vulnerability_exploited': 'Flaw in CI/CD pipeline'}