Trivy compromised: supply chain attack on CI/CD pipelines
On 19 March 2026 the open source vulnerability scanner Trivy, maintained by Aqua Security and used in millions of CI/CD pipelines, was compromised for the second time in a month. A threat group identified as “TeamPCP” exploited a pull_request_target workflow on GitHub to steal a privileged Personal Access Token.
Using that token, the attackers force-updated 75 out of 76 tags in the aquasecurity/trivy-action repository, injecting a malicious payload that extracted secrets from pipelines: SSH keys, cloud credentials, Docker configurations and Kubernetes tokens. The attack then spread to npm packages via a self-propagating worm called CanisterWorm and to compromised Docker Hub images.
What to do: pin GitHub Actions to the commit SHA instead of tags, audit secrets exposed in pipelines, apply the principle of least privilege to tokens and monitor unauthorised changes in dependency repositories.
NVIDIA GTC 2026: 1 million GPUs in AI factories
At GTC 2026 NVIDIA announced that its Cloud Partners have surpassed the milestone of 1 million GPUs installed in global AI factories, for a total capacity of 1.7 GW. The figure doubles compared to the 400,000 GPUs and 550 MW of the previous year.
AWS announced it will deploy over 1 million NVIDIA GPUs (Blackwell and Rubin architectures), while Microsoft Azure is the first hyperscaler to activate the new Vera Rubin NVL72 systems. Jensen Huang spoke of a cumulative demand of $1 trillionfor AI infrastructure by 2027, driven by the transition to “agentic AI” which has generated a massive increase in compute demand over the past two years.
For businesses this means cloud-based AI services will become increasingly accessible and powerful. The challenge is to develop an IT strategy that integrates these technologies in a sustainable way.
Tycoon 2FA: the most widespread phishing platform dismantled
On 4 March 2026 Europol, Microsoft, Trend Micro, Cloudflare and Proofpoint coordinated the takedown of Tycoon 2FA, the most widespread phishing-as-a-service (PhaaS) platform in the world. 330 domains were seized, including control panels and fake login pages, with operations in Latvia, Lithuania, Portugal, Poland, Spain and the United Kingdom.
Active since 2023, Tycoon 2FA was responsible for 62% of all phishing attempts blocked by Microsoft, with over 30 million phishing emails intercepted in a single month. The platform hijacked authentication sessions in real time, managing to bypass even traditional MFA and targeting approximately 100,000 organisations, including schools, hospitals and public institutions.
What to do: invest in anti-phishing training for employees, adopt phishing-resistant MFA (FIDO2/passkeys) and implement an email security gateway that filters threats before they reach inboxes.
AWS and Google Cloud: multicloud networking is born
AWS and Google Cloud have announced a joint solution for multicloud networking, based on AWS Interconnect and Google Cloud Cross-Cloud Interconnect. For the first time, the two major cloud competitors are collaborating to offer high-speed private connectivity between their respective platforms, with provisioning in minutes instead of the weeks previously required.
The solution, currently in preview, uses specific open APIs that other providers can adopt. Microsoft Azure will be added in 2026. Security is ensured by quadruple redundancy and MACsec encryption between border routers. The context: 84% of cloud leaders intentionally choose multicloud environments.
For businesses this means less vendor lock-in, greater resilience and the ability to choose the best service from each provider without infrastructure complications. A paradigm shift for those managing cloud infrastructure.