
Trivy Supply Chain Attack Expands With New Compromised Docker Images

"Trivy supply chain attack: Malicious Docker images found. Aqua Security's vulnerability scanner compromised. Check CI/CD pipelines now."
Content Team

The Trivy supply chain attack has escalated with new compromised Docker images discovered on March 22, 2026. After initially compromising Aqua Security's vulnerability scanner version 0.69.4 on March 19, attackers uploaded malicious versions 0.69.5 and 0.69.6 to Docker Hub without corresponding GitHub releases.

Socket researchers confirmed both images contain TeamPCP infostealer malware with credential-stealing capabilities. The attack expanded beyond Docker images when attackers briefly exposed Aqua Security's internal GitHub organization, renaming dozens of repositories in a two-minute automated burst.

Version 0.69.3 remains the last clean release, while 0.69.4 through 0.69.6 are confirmed compromised. Organizations using Trivy in CI/CD pipelines should review recent activity and treat recent scans as potentially compromised. Aqua's commercial products remain unaffected.
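One way to start the pipeline review described above, as an added example that is not from the article, Aqua Security or Socket: it scans CI configuration lines for Trivy image references, flagging tags the article lists as compromised and floating references whose resolved version cannot be read from the config alone. The image names, the sample workflow and the function names are constructed assumptions.

```python
import re

# Tags the article lists as compromised; 0.69.3 is the last clean release.
COMPROMISED = {"0.69.4", "0.69.5", "0.69.6"}

# Image reference whose repository path ends in "trivy", with an optional tag.
# The lookahead skips names such as "trivy-action", which are versioned separately.
IMAGE_RE = re.compile(r"(?P<repo>(?:[\w.-]+/)+trivy)(?![\w-])(?::(?P<tag>[\w.-]+))?")

def classify(tag):
    """Return 'compromised', 'floating' (no tag or latest) or 'other'."""
    if tag is None or tag == "latest":
        return "floating"  # check pull logs or digests to learn what actually ran
    return "compromised" if tag.lstrip("v") in COMPROMISED else "other"

def scan(lines):
    """Return (line_no, repo, tag, verdict) for every Trivy image reference."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in IMAGE_RE.finditer(line):
            tag = m.group("tag")
            findings.append((n, m.group("repo"), tag, classify(tag)))
    return findings

# Constructed sample workflow (assumed image names and registry, not from the article).
SAMPLE = """\
jobs:
  scan:
    container: aquasec/trivy:0.69.5
    steps:
      - uses: aquasecurity/trivy-action@0.0.0-example
      - run: docker run --rm aquasec/trivy:0.69.3 image app:ci
      - run: docker run --rm docker.io/aquasec/trivy image app:ci
      - run: docker pull registry.example.internal/mirror/trivy:v0.69.4
""".splitlines()

if __name__ == "__main__":
    for n, repo, tag, verdict in scan(SAMPLE):
        print(f"line {n}: {repo}:{tag or '<none>'} -> {verdict}")
```

A "floating" result means the configuration does not say which version ran, so the runner's pull logs or recorded image digests have to answer that.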

Source: Infosecurity Magazine
