Advertisement · 728 × 90
#
Hashtag
#DockerAttack
Advertisement · 728 × 90
Cybersecurity News Everyday
Cybersecurity News Everyday
@hendryadrian.bsky.social
6 days ago
Preview
Trivy supply-chain attack spreads to Docker, GitHub repos The TeamPCP hackers continued to target Aqua Security by compromising its GitHub organization and pushing malicious Trivy Docker images that delivered an infostealer. The attackers abused a compromised service account and CI runner tokens to inject credential-harvesting code, tamper with repositories, and publish unauthorized Docker Hub tags, prompting Aqua to rotate secrets and engage Sygnia for response. #TeamPCP #Trivy

TeamPCP hackers breached Aqua Security’s GitHub, injecting infostealer malware into Trivy Docker images (tags 0.69.5 & 0.69.6) via compromised service accounts and CI tokens. Secrets rotated and response ongoing. #TeamPCP #DockerAttack #Israel

1 0 0 0
Cybersecurity News Everyday
Cybersecurity News Everyday
@hendryadrian.bsky.social
6 days ago
Preview
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper Security researchers found trojanized Trivy images and other malicious artifacts on Docker Hub following a Trivy supply-chain compromise that widened the blast radius across developer environments. The campaign, attributed to TeamPCP, used a compromised Aqua Security GitHub Actions credential to push a credential stealer, deface repositories, infect npm packages with CanisterWorm,...

Trivy supply-chain attack spreads infostealer via trojanized Docker images (v0.69.4–0.69.6), linked to TeamPCP. Campaign includes npm infection, Kubernetes wiper, and backdoor payloads. #DockerAttack #DevOpsRisk #Malaysia

0 0 0 0
Cybersecurity News Everyday
Cybersecurity News Everyday
@hendryadrian.bsky.social
1 week ago
Preview
Trivy Supply Chain Attack Expands to Compromised Docker Images Socket's threat research team discovered additional compromised Trivy Docker images (tags 0.69.5 and 0.69.6) pushed without corresponding GitHub releases, both containing indicators tied to the TeamPCP infostealer. The incident also exposed Aqua Security GitHub resources and prompted recommendations to avoid affected Trivy versions and treat recent executions as potentially compromised. #TeamPCP #Trivy

Trivy Docker images 0.69.5 and 0.69.6 were found compromised with TeamPCP infostealer indicators, pushed without matching GitHub releases. Aqua Security resources also exposed in this supply chain attack. #TeamPCP #DockerAttack #Infostealer

0 0 0 0