Overview
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.
Organisations Involved
The following organisations are mentioned in relation to this incident: Docker Hub, Kubernetes Wiper
Cybersecurity, Triggers Worm, Trivy Hack Spreads Infostealer.
Multi-Source Coverage
This event has been reported across multiple outlets:
Sources: thehackernews. Aggregated by Cybernews Agency pipeline.