Trivy Supply Chain Attack Expands as Compromised Docker Images Hit Docker Hub
ID: 3bf5b64f-a340-5f0f-b58e-3874be60584b
STIX ID: report--3bf5b64f-a340-5f0f-b58e-3874be60584b
Feed Name: cybersecurityNews.com
A supply-chain attack compromised the Trivy project: attackers gained access to GitHub Actions and pushed malicious Docker images (tags 0.69.4–0.69.6) to Docker Hub. The images contained the TeamPCP infostealer, exfiltration artifacts, and a typosquatted C2 domain. Organizations using the affected tags in CI/CD pipelines should assume compromise, rotate secrets, verify image digests, and roll back to the last known clean release (0.69.3).
