Socket threat researchers discovered that Trivy Docker images tagged 0.69.5 and 0.69.6 were pushed to Docker Hub on March 22 without corresponding GitHub releases and contain indicators of compromise (IOCs) linked to the TeamPCP infostealer. The compromised images include a typosquatted C2 domain (scan.aquasecurtiy.org), exfiltration artifacts, and references to a fallback GitHub repository. The 'latest' tag currently points to the compromised 0.69.6 image. Version 0.69.3 is the last known clean release. Organizations are advised to stop using Trivy in CI/CD pipelines immediately and treat any recent executions of affected versions as potentially compromised.
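A triage helper for the indicators in the summary above, added here as an example and not code from Socket or the Trivy project. It classifies Trivy image references found in CI configuration against the affected tags (0.69.5, 0.69.6, and `latest`, which the summary says currently resolves to 0.69.6) and the last known clean release 0.69.3, and scans log lines for the typosquatted domain. The lookalike-domain check goes beyond the single reported domain by flagging any host whose registrable part is within two edits of aquasecurity.org. The image repository names, the CI config lines and the log lines are constructed samples; the legitimate domain aquasecurity.org is assumed to be the one being imitated.

```python
"""Flag Trivy image references and CI log lines matching the reported IOCs.

Added example (not Socket's or Aqua's code). Sample image references and
log lines are constructed for illustration; the registry paths are assumed.
"""
import re

# Indicators taken from the advisory summary
COMPROMISED_TAGS = {"0.69.5", "0.69.6"}
LAST_CLEAN_VERSION = (0, 69, 3)
TYPOSQUAT_DOMAIN = "scan.aquasecurtiy.org"
LEGIT_DOMAIN = "aquasecurity.org"        # assumed legitimate domain being imitated

IMAGE_RE = re.compile(
    r"(?P<repo>[\w./-]*trivy)(?::(?P<tag>[\w.-]+))?(?:@sha256:[0-9a-f]{64})?"
)
HOST_RE = re.compile(r"https?://([\w.-]+)")


def parse_version(tag):
    """Turn '0.69.6' or 'v0.69.6' into a comparable tuple, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    return tuple(int(x) for x in m.groups()) if m else None


def classify_image_ref(ref):
    """Return 'compromised', 'unverified' or 'clean' for one Trivy image reference."""
    m = IMAGE_RE.search(ref)
    if not m:
        return None
    if m.group("tag") is None and "@sha256:" in ref:
        return "unverified"  # digest-pinned: compare the digest to a known-good release
    tag = m.group("tag") or "latest"  # an untagged reference means 'latest'
    if tag in COMPROMISED_TAGS or tag == "latest":
        return "compromised"  # 'latest' currently points at the compromised 0.69.6
    version = parse_version(tag)
    if version is None or version > LAST_CLEAN_VERSION:
        return "unverified"  # unusual tag, or newer than the last known clean release
    return "clean"


def levenshtein(a, b):
    """Plain edit distance, used to catch near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_hosts(log_lines):
    """Return (host, reason) pairs for the known IOC domain or lookalikes of the legit one."""
    hits = []
    for line in log_lines:
        for host in HOST_RE.findall(line):
            base = ".".join(host.split(".")[-2:])  # registrable part, e.g. aquasecurtiy.org
            if host == TYPOSQUAT_DOMAIN:
                hits.append((host, "known IOC"))
            elif base != LEGIT_DOMAIN and levenshtein(base, LEGIT_DOMAIN) <= 2:
                hits.append((host, "lookalike"))
    return hits


# Constructed sample inputs (not real CI data)
SAMPLE_IMAGE_REFS = [
    "aquasec/trivy:0.69.6",
    "ghcr.io/aquasecurity/trivy:latest",
    "aquasec/trivy:0.69.3",
    "aquasec/trivy:0.69.4",
    "aquasec/trivy@sha256:" + "0" * 64,
]
SAMPLE_LOG_LINES = [
    "[ci] trivy: updating DB from https://ghcr.io/aquasecurity/trivy-db",
    "[ci] curl: POST https://scan.aquasecurtiy.org/upload 200",
    "[ci] trivy: fetching https://aquasecurity.org/docs",
]


def triage(image_refs, log_lines):
    """Summarise which references need action and which hosts look suspicious."""
    return {
        "images": {ref: classify_image_ref(ref) for ref in image_refs},
        "hosts": suspicious_hosts(log_lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_IMAGE_REFS, SAMPLE_LOG_LINES).items():
        print(key, value)
```

Anything classified as `compromised` should be treated as the summary advises: stop the pipeline and consider every recent run of that image as potentially compromised. `unverified` means the reference is newer than the last known clean release or is pinned by digest, so confirm it against a GitHub release before trusting it.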