The Trivy supply chain compromise has led to the discovery of malicious artifacts on Docker Hub, significantly expanding the issue within developer environments. Malicious versions 0.69.4, 0.69.5, and 0.69.6 of the vulnerability scanner have been removed; the last secure release was version 0.69.3.
Researcher Philipp Burckhardt from Socket indicated that the new image tags were introduced on March 22 without corresponding GitHub releases. The compromised images include indicators of compromise linked to the TeamPCP infostealer, which has been active in earlier stages of this campaign.
This incident is connected to a broader attack involving Aqua Security's Trivy, in which a compromised credential allowed adversaries to distribute a credential stealer within altered versions of the scanner and its associated GitHub Actions. Furthermore, the threat actors have reportedly defaced all 44 internal repositories of Aqua Security's "aquasec-com" GitHub organization, modifying their names and descriptions to reflect TeamPCP's ownership.
On March 22, 2026, the modifications were carried out within a rapid two-minute window, with the attackers likely using a compromised "Argon-DevOps-Mgt" service account. The breach has raised concerns about the security of proprietary source code and internal processes within Aqua Security.
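
A defender-side check for the image tags named above, as an added example that is not part of the original article: it scans Dockerfile, compose, or CI text for Docker Hub Trivy image references and flags the three malicious versions, plus floating references that only resolve at pull time. The repository name `aquasec/trivy`, the status labels, and the sample input are assumptions or constructed for illustration.

```python
import re

# Version numbers come from the article. The Docker Hub repository name
# "aquasec/trivy" is an assumption: the article says only "Docker Hub".
COMPROMISED = {"0.69.4", "0.69.5", "0.69.6"}

# Matches [docker-hub-registry/]aquasec/trivy[:tag][@sha256:digest] in a line.
IMAGE_RE = re.compile(
    r"(?<![\w./-])(?:(?:docker\.io|index\.docker\.io|registry-1\.docker\.io)/)?"
    r"aquasec/trivy(?::(?P<tag>\w[\w.-]*))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?(?![\w/-])"
)

def classify(tag, digest):
    """Return a status label (labels are this example's own naming)."""
    # Strip a leading "v" and any "-suffix" so variants of a bad tag still hit.
    if tag and tag.lstrip("v").split("-")[0] in COMPROMISED:
        return "COMPROMISED"
    if digest:
        return "DIGEST_PINNED"  # compare the digest with a known-good one
    if tag is None or tag == "latest":
        return "FLOATING"       # resolved at pull time; check what was pulled
    return "NOT_LISTED"         # not one of the versions the article names

def scan(text):
    """Return (line number, matched reference, status) for each Trivy image."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out lines
        for m in IMAGE_RE.finditer(line):
            findings.append((lineno, m.group(0), classify(m["tag"], m["digest"])))
    return findings

# Constructed sample input: a placeholder digest, not a real image digest.
DIGEST = "sha256:" + "0" * 64
SAMPLE = f"""\
FROM aquasec/trivy:0.69.5 AS scanner
image: docker.io/aquasec/trivy:0.69.3
run: docker run --rm aquasec/trivy image app:latest
container: aquasec/trivy:0.69.3@{DIGEST}
# image: aquasec/trivy:0.69.6
"""

if __name__ == "__main__":
    for lineno, ref, status in scan(SAMPLE):
        print(f"line {lineno}: {status:13} {ref}")
```

A `FLOATING` or `DIGEST_PINNED` result is not a verdict: it marks references where the tag alone cannot show which image was actually pulled.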