On March 19, 2026, threat actors compromised Aqua Security's CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. The malicious images (tags 0.69.4, 0.69.5, 0.69.6, and latest) contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. A second wave followed on March 22. Docker and Aqua Security removed the compromised images by March 23. Users who pulled these tags should immediately remove the images, rotate all credentials, and treat any host that ran the image with the Docker socket mounted as fully compromised. The last known clean release is 0.69.3. Key lessons include pinning images by digest rather than mutable tags, verifying signed provenance attestations, and performing atomic credential rotation during incident response. Docker Hardened Images were not affected due to hermetic builds and signed provenance.
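The first lesson above, pinning by digest instead of by mutable tag, is easy to audit mechanically. The checker below is an added example, not code from Docker's post or from the Trivy project: it parses image references the way Docker does (a `:` after the last `/` is a tag, `@sha256:...` is a digest, a missing tag means `latest`), flags the `aquasec/trivy` tags the advisory names, and reports everything else as either digest-pinned or mutable. The line patterns, the sample workflow and Dockerfile, and the `example.test` registry are constructed for the example.

```python
import re

# Tags the advisory above names as backdoored; the last release it states is clean is 0.69.3.
AFFECTED_REPO = "aquasec/trivy"
COMPROMISED_TAGS = {"0.69.4", "0.69.5", "0.69.6", "latest"}
_DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
# Constructed pattern for lines that carry an image reference in a Dockerfile or CI workflow.
_IMAGE_LINE_RE = re.compile(
    r"^\s*(?:-\s*)?(?:image:\s*|uses:\s*docker://|FROM\s+(?:--platform=\S+\s+)?)(?P<ref>[^\s#]+)",
    re.IGNORECASE,
)

def parse_ref(ref):
    """Split a reference into (repo, tag, digest), normalising Docker Hub prefixes."""
    name, _, digest = ref.strip().partition("@")
    tag = None
    colon = name.rfind(":")
    if colon > name.rfind("/"):  # a ':' after the last '/' is a tag, not a registry port
        name, tag = name[:colon], name[colon + 1:]
    for prefix in ("index.docker.io/", "docker.io/", "library/"):
        if name.startswith(prefix):
            name = name[len(prefix):]
    return name, tag, digest or None

def assess(ref):
    """Classify a reference as digest-pinned, a known-compromised tag, or a mutable tag."""
    name, tag, digest = parse_ref(ref)
    if digest:
        # A digest pins one exact manifest. The advisory publishes no digests for the bad
        # images, so compare the value against your own allowlist instead of trusting the tag.
        return "pinned-by-digest" if _DIGEST_RE.fullmatch(digest) else "malformed-digest"
    if name == AFFECTED_REPO and (tag or "latest") in COMPROMISED_TAGS:  # no tag means :latest
        return "compromised-tag"
    return "mutable-tag"

def scan(text):
    """Return (line number, reference, verdict) for each image reference found in text."""
    return [(n, m["ref"], assess(m["ref"]))
            for n, line in enumerate(text.splitlines(), 1)
            if (m := _IMAGE_LINE_RE.match(line))]

# Constructed sample inputs; example.test is a placeholder registry, not a real one.
SAMPLE_WORKFLOW = """\
steps:
  - uses: docker://aquasec/trivy:latest
  - uses: docker://docker.io/aquasec/trivy:0.69.5
image: aquasec/trivy:0.69.3
services:
  - image: example.test/app:1.2.3@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""
SAMPLE_DOCKERFILE = "FROM --platform=linux/amd64 aquasec/trivy AS scanner\nFROM alpine:3.20\n"
```

Running `scan()` over a repository's Dockerfiles and workflow files turns the "am I affected" question into a list of exact lines; note that a reference such as `aquasec/trivy:0.69.3` is still only a mutable tag, which is why the verdict for it is not "clean" but "mutable-tag".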