- Threat actor TeamPCP has distributed malicious versions of the Trivy vulnerability scanner on Docker Hub, with versions 0.69.4, 0.69.5, and 0.69.6 containing an infostealer.
- The supply chain attack compromised internal repositories at Aqua Security, defacing them with “TeamPCP Owns Aqua Security” messages and exposing proprietary code.
- The attackers have escalated their campaign using stolen credentials to deploy a wiper malware targeting Iranian Kubernetes clusters and a self-propagating worm called CanisterWorm.
- The last known clean release of the Trivy Docker image is 0.69.3, and organizations are urged to review their CI/CD pipelines for use of compromised versions.
Following a major supply chain compromise, cybersecurity researchers discovered malicious Docker images for the Trivy vulnerability scanner on Docker Hub, where threat actors posted Trojanized versions as recently as March 22, 2026. The attack, attributed to the group TeamPCP, originally involved a compromised credential to push a credential stealer within the open-source scanner and related GitHub Actions.
According to a report from Socket security researcher Philipp Burckhardt, the malicious image tags 0.69.5 and 0.69.6 did not have corresponding GitHub releases. Consequently, the attack’s blast radius has expanded dramatically, with TeamPCP leveraging stolen data to compromise dozens of npm packages to distribute the CanisterWorm.
Meanwhile, the attackers have defaced all 44 internal repositories in Aqua Security‘s “aquasec-com” GitHub organization in a scripted two-minute burst. A forensic analysis by OpenSourceMalware assessed with high confidence that a compromised “Argon-DevOps-Mgt” service account token was the attack vector, providing write access to both of the security vendor’s GitHub organizations.
The campaign showcases the group’s growing sophistication, now moving beyond credential theft to destructive wiper malware. A new payload identified by researcher Charlie Eriksen targets Iranian Kubernetes nodes for wiping, while non-Iranian systems are infected with the CanisterWorm backdoor. This evolution highlights a significant threat to the security vendor ecosystem itself, turning its own tools against it.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Iran Pressures BRICS to Mediate in US-Israel Conflict, Strains India
- SMCI Stock Plunges Amid Nvidia China Probe
- Bithumb to Reappoint CEO Amid Regulatory Scrutiny
- Strategic Strait Closure Sparks Historic Oil Shock, $126 Brent
- CoinDCX Founders Clear Themselves of “False” Fraud FIR
