How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain

ID: 95ee72b9-494b-56ec-a663-13a3f1ef8c1f

STIX ID: report--95ee72b9-494b-56ec-a663-13a3f1ef8c1f

Feed Name: Qualys Blog

Threat Score
65/100

Date Published: 2026-01-22

Date Updated: 2026-04-28

Author: Amit Gadhave

...
...

This report warns that pulling container images from public registries is a trust decision, and it documents widespread abuse of those registries, in particular cryptomining payloads hidden in images and distributed through typo-squatting and deceptive image names, which creates operational, financial, and security risk. It provides prevalence data, lists common indicators of malicious images (e.g., non-pronounceable repository names, low pull counts, bundled miner binaries), maps the observed techniques to MITRE ATT&CK, and recommends registry scanning, admission controls, and runtime monitoring to reduce exposure.