🚨 Breaking: Newly pushed Trivy Docker images are compromised.

Tags 0.69.5 and 0.69.6 were published to Docker Hub on 3/22 without corresponding GitHub releases and contain the same infostealer IOCs. The "latest" tag currently points to a malicious image.

Details: https://socket.dev/blog/trivy-docker-images-compromised

Socket
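
A defender-side check for the two signals in the post, as an added example that is not code from the post or from Socket: it classifies Trivy image references found in CI, Dockerfile or manifest text, and lists Docker Hub tags that have no matching GitHub release. The repository name `aquasec/trivy`, the `v` prefix on release tags, and all sample data are assumptions constructed for illustration.

```python
import re

# Assumption (not stated in the post): the Docker Hub repository name.
REF = re.compile(
    r"(?<![\w.\-/])(?:docker\.io/)?aquasec/trivy(?![\w.\-/])"
    r"(?::(?P<tag>[\w.\-]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)
AFFECTED_TAGS = {"0.69.5", "0.69.6"}  # tags named in the post


def classify(tag, digest):
    if digest:
        # The digest decides what is pulled; compare it to a known-good value.
        return "digest-pinned"
    if tag in AFFECTED_TAGS:
        return "affected"
    if tag in (None, "latest"):
        # An untagged reference resolves to "latest".
        return "floating-latest"
    return "other-tag"


def scan(text):
    """Return (line number, reference, verdict) for each Trivy image reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in REF.finditer(line):
            findings.append((lineno, m.group(0), classify(m["tag"], m["digest"])))
    return findings


def orphan_tags(hub_tags, release_tags):
    """Registry tags with no corresponding release (assumes releases use a 'v' prefix)."""
    released = {t.removeprefix("v") for t in release_tags}
    return sorted(t for t in hub_tags if t != "latest" and t not in released)


# Constructed sample input; the digest and the 0.0.0-example tag are placeholders.
SAMPLE = "\n".join([
    "image: aquasec/trivy:0.69.6",
    "run: docker run aquasec/trivy image alpine",
    "FROM docker.io/aquasec/trivy:latest",
    "image: aquasec/trivy:0.0.0-example@sha256:" + "a" * 64,
    "image: aquasec/trivy:0.0.0-example",
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(orphan_tags(["0.0.0-example", "0.69.5", "0.69.6", "latest"], ["v0.0.0-example"]))
```
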