Socket threat researchers discovered that Trivy Docker images tagged 0.69.5 and 0.69.6 were pushed to Docker Hub on March 22 without corresponding GitHub releases and contain indicators of compromise (IOCs) linked to the TeamPCP infostealer. The compromised images include a typosquatted C2 domain (scan.aquasecurtiy.org),