Security researchers found trojanized Trivy images and other malicious artifacts on Docker Hub after a supply-chain compromise of the Trivy scanner that spread into developer environments. The campaign, attributed to TeamPCP, used a compromised Aqua Security GitHub Actions credential to push a credential stealer, deface repositories, infect npm packages with CanisterWorm, and deploy Kubernetes-wiping and backdoor payloads. Organizations should avoid the affected Trivy versions and treat recent runs of them as potentially compromised. #Trivy #TeamPCP #CanisterWorm #AquaSecurity
Keypoints
- Trojanized Trivy images (0.69.4–0.69.6) were pushed to Docker Hub and later removed after detection.
- A compromised Argon-DevOps-Mgt service account token was used to deface 44 Aqua Security internal repositories.
- Stolen credentials enabled downstream compromises, including dozens of npm packages infected with the self-propagating CanisterWorm.
- TeamPCP deployed payloads that steal credentials, install backdoors, and wipe Iranian Kubernetes clusters via privileged DaemonSets.
- Organizations should avoid the affected Trivy versions in CI/CD, review recent Trivy executions for signs of compromise, and rotate any service account tokens and CI secrets those runs could have reached.
Read More: https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html