Trivy Supply Chain Attack Spreads via Compromised Docker Hub Images
ID: 78ffee6f-e934-54b5-a058-2de06647c7c3
STIX ID: report--78ffee6f-e934-54b5-a058-2de06647c7c3
Feed Name: GBHackers
A supply-chain attack has compromised Trivy Docker images on Docker Hub, notably tags 0.69.5 and 0.69.6. Analysis links these images to the TeamPCP infostealer (exfiltration artifacts, a typosquatted C2 domain, and references to a fallback GitHub repo). Version 0.69.3 is the last verified clean release. Attackers may have published unauthorized releases and possibly accessed Aqua Security's GitHub organization. Organizations are advised to audit CI/CD pipelines, avoid affected versions, and revoke credentials.
