Unidentified threat actors have successfully compromised the GitHub repository for “all-in-one” security scanner Trivy, pushing a malicious update to downstream users that can deploy an infostealer.