Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
ID: c97c9937-1163-5323-9f4e-bd81eccd5524
STIX ID: report--c97c9937-1163-5323-9f4e-bd81eccd5524
Feed Name: The Hacker News
Researchers reported a supply-chain compromise of the Trivy container scanner and its related GitHub Actions, attributed to the actor TeamPCP. Malicious Trivy images (tags 0.69.4 through 0.69.6) carrying a TeamPCP infostealer were pushed to Docker Hub. A compromised Argon-DevOps-Mgt service account token was used to deface Aqua Security internal repositories. The attackers then used stolen credentials to backdoor dozens of npm packages with a self-propagating worm, CanisterWorm. A separate payload acts as a Kubernetes wiper: it selectively destroys clusters in Iran while installing backdoors elsewhere.
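The check a practitioner wants after reading this summary is whether any CI workflow, compose file or Dockerfile in their estate still pulls a Trivy image whose tag falls in the reported 0.69.4 to 0.69.6 range, and whether the remaining references are pinned to a digest or float on a tag that an attacker with push access could repoint. The script below is an added example for this page, not code from The Hacker News, Aqua Security or the Trivy project. It takes the affected tag range from the report; the image repository names it recognises (aquasec/trivy, ghcr.io/aquasecurity/trivy and similar) and the sample input it scans are assumptions constructed for the example. It goes slightly beyond the report by also flagging floating tags and separating digest-pinned references, which cannot be judged by tag alone.

```python
"""Scan text (CI workflows, compose files, Dockerfiles) for Trivy image
references and classify each one against the tag range the report
describes as malicious. Added example; the image repository names and the
sample input are assumptions, not taken from the report."""
import re
from typing import List, Optional, Tuple

# Tag range the report describes as carrying the TeamPCP infostealer.
AFFECTED_RANGE = ((0, 69, 4), (0, 69, 6))

# One Trivy image reference: registry/namespace path ending in "/trivy",
# an optional ":tag" and an optional "@sha256:<digest>". The trailing
# negative lookahead stops "aquasecurity/trivy-action@..." (the GitHub
# Action, versioned independently) from matching as an image.
# Requiring at least one "/" before "trivy" is an assumption of this
# example: it avoids matching the bare word "trivy" in prose or shell text.
IMAGE_REF = re.compile(
    r"(?P<repo>(?:[A-Za-z0-9.\-]+/)+trivy)"
    r"(?::(?P<tag>[A-Za-z0-9._\-]+))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
    r"(?![A-Za-z0-9._\-/])"
)


def parse_version(tag: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for tags like 0.69.5, v0.69.5 or
    0.69.5-alpine; None for tags that carry no semantic version."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", tag)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def classify(tag: Optional[str], digest: Optional[str]) -> str:
    """Verdict for one reference. A digest pin is judged by the digest, not
    the tag, so it is handed back for manual comparison rather than guessed."""
    if digest:
        return "digest-pinned: compare against the vendor-published digest"
    if tag is None or tag == "latest":
        return "floating tag: resolves to whatever was last pushed; pin to a verified digest"
    ver = parse_version(tag)
    if ver is None:
        return f"unrecognised tag {tag!r}: verify manually"
    lo, hi = AFFECTED_RANGE
    if lo <= ver <= hi:
        return "AFFECTED: tag is in the 0.69.4-0.69.6 range reported as malicious"
    return "tag outside the affected range"


def scan(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, matched reference, verdict) for every Trivy
    image reference found in the text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in IMAGE_REF.finditer(line):
            findings.append((lineno, m.group(0), classify(m.group("tag"), m.group("digest"))))
    return findings


# Constructed sample: a compose fragment and a workflow step in one blob.
# The digest is a placeholder, not a real Trivy image digest.
SAMPLE = """\
# constructed sample, not a real workflow
services:
  scanner:
    image: aquasec/trivy:0.69.5
  pinned:
    image: ghcr.io/aquasecurity/trivy:0.69.5@sha256:0000000000000000000000000000000000000000000000000000000000000000
  old:
    image: aquasec/trivy:0.68.0
  floating:
    image: docker.io/aquasec/trivy
jobs:
  scan:
    steps:
      - uses: aquasecurity/trivy-action@main
"""

if __name__ == "__main__":
    for lineno, ref, verdict in scan(SAMPLE):
        print(f"line {lineno}: {ref} -> {verdict}")
```

Run it over the concatenated output of something like `git grep -l trivy` across your repositories; a tag-based "outside the affected range" verdict only says the reference does not name a reported-malicious tag, it does not prove the registry still serves the image you originally pulled, so the durable fix is to pin every reference to a digest you have verified.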
