Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

2026-03-23

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

This article covers a supply chain attack on Trivy, an open-source vulnerability scanner by Aqua Security, leading to widespread compromise across developer environments.

•Malicious Docker Hub image versions 0.69.4, 0.69.5, and 0.69.6 were pushed by threat actor TeamPCP, containing the TeamPCP infostealer credential harvester
•Stolen credentials were used to compromise dozens of npm packages and distribute a self-propagating worm called CanisterWorm
•All 44 internal GitHub repositories of Aqua Security's 'aquasec-com' org were defaced in a scripted 2-minute burst using a compromised 'Argon-DevOps-Mgt' service account token
•A new wiper malware targets Kubernetes clusters in Iran, deploying privileged DaemonSets and wiping nodes via a container named 'kamikaze', while installing CanisterWorm backdoor on non-Iranian nodes

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture