On March 19, 2026, threat actors compromised Aqua Security's CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. A second wave of compromised images followed on March 22. The malicious images contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy.

Docker offers insights into container technology, microservices architecture, and application deployment, providing documentation and best practices for building, deploying, and managing containerized applications. By exploring Docker's curated content, developers can learn about container orchestration, Docker Swarm, and Docker Compose for managing complex containerized environments. Whether you're deploying microservices, building CI/CD pipelines, or optimizing your development workflow, Docker offers resources to streamline your containerization journey and unlock the benefits of container-based deployment.

Docker

On March 19, 2026, threat actors compromised Aqua Security's CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. The malicious images (tags 0.69.4, 0.69.5, 0.69.6, and latest) contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. A second wave followed on March 22. Docker and Aqua Security removed the compromised images by March 23. Users who pulled these tags should immediately remove the images, rotate all credentials, and treat any host that ran the image with the Docker socket mounted as fully compromised. The last known clean release is 0.69.3. Key lessons include pinning images by digest rather than mutable tags, verifying signed provenance attestations, and performing atomic credential rotation during incident response. Docker Hardened Images were not affected due to hermetic builds and signed provenance.

Trivy supply chain compromise: What Docker Hub users should know

What Docker is doing beyond incident response