SocketMar 22

🚨 Breaking: Newly pushed Trivy Docker images are compromised.

Tags 0.69.5 and 0.69.6 were published to Docker Hub on 3/22 without corresponding GitHub releases and contain the same infostealer IOCs. latest currently points to a malicious image.

Details: https://socket.dev/blog/trivy-docker-images-compromised

Trivy Supply Chain Attack Expands to Compromised Docker Imag...

Newly published Trivy Docker images (0.69.5 and 0.69.6) were found to contain infostealer IOCs and were pushed to Docker Hub without corresponding Git...

Socket
Show threadJeffrey
@SocketSecurity a third incident!?
Mar 23 at 6:09pmWeb