Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

"New image tags 0.69.5 and 0.69.6 were pushed on March 22 without corresponding GitHub releases or tags. Both images contain indicators of compromise associated with the same TeamPCP infostealer observed in earlier stages of this campaign."
"The attack has had downstream impacts, with the attackers leveraging the stolen data to compromise dozens of npm packages to distribute a self-propagating worm known as CanisterWorm."
"All the repositories are said to have been modified in a scripted 2-minute burst between 20:31:07 UTC and 20:32:26 UTC on March 22, 2026."
Cybersecurity researchers found malicious artifacts on Docker Hub linked to the Trivy supply chain attack. The last clean release was 0.69.3; versions 0.69.4, 0.69.5, and 0.69.6 were removed because they contained indicators of compromise. Attackers exploited a compromised credential to push trojanized versions of Trivy and related GitHub Actions. The incident led to the compromise of numerous npm packages and to the defacement of Aqua Security's GitHub repositories by the threat actor TeamPCP, which modified all of the repositories in a brief scripted attack.
Read at The Hacker News