Signal
Trivy supply chain attack spreads infostealer via Docker amid TeamPCP’s wiper campaign in Iran
The Trivy vulnerability scanner suffered a supply chain attack with malicious Docker images distributing the TeamPCP infostealer malware, impacting CI/CD environments. The compromised versions 0.69.4 to 0.69.6 were removed from Docker Hub.
rss
cveexploitsmalwarethreat_actorsincident_responsesecurity_tooling
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 posts in this window
- krebsonsecuritykrebsonsecurity.com
- Infosecurity Magazineinfosecurity-magazine.com
- SecurityWeeksecurityweek.com
- The Hacker Newsthehackernews.com
All evidence
All posts (loaded window)