A group known as TeamPCP has allegedly manipulated Aqua Security’s Trivy container scanner, transforming this widely trusted tool into a security threat for millions of developers. With open source software facing a fresh wave of supply chain attacks, experts are warning that no project is immune.