Trivy supply-chain attack spreads to Docker, GitHub repos

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images ...
The Hacker News

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Trivy supply chain attack pushed malicious Docker images on March 22, enabling credential theft and worm spread, impacting cloud environments.
Infosecurity Magazine

Trivy Supply Chain Attack Expands With New Compromised Docker Images

A new set of compromised Docker images linked to the Trivy supply chain attack has been identified, expanding the impact of the incident across developer environments and CI/CD pipelines. On March 19, ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing infections.

TeamPCP hackers deface Aqua Security's internal GitHub

Aqua Security is scrambling to recover from supply chain attacks that first compromised the vendor's Trivy vulnerability scanner, and which have now seen threat actor TeamPCP breach its internal ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

Is your AI agent a security risk? NanoClaw wants to put it in a virtual cage

Is your AI agent a security risk? NanoClaw wants to put it in a virtual cage ...