Hackers used compromised Trivy key to access EU cloud data.

The European Commission confirmed that attackers stole more than 300GB of data from its AWS environment after using an API key compromised in the Trivy supply chain attack. CERT‑EU said the key allowed the hackers to create new access credentials, run reconnaissance tools, and exfiltrate data tied to websites for 71 EC and EU‑affiliated clients. The leaked information, later posted by ShinyHunters, includes names, email addresses, usernames, and tens of thousands of user‑submitted messages. The Commission revoked the compromised credentials, notified regulators, and said its internal systems were not affected.

Read more:

https://www.securityweek.com/european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack/