TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Infosecurity Magazine

Trivy Supply Chain Attack Expands With New Compromised Docker Images

2026-03-23 · Read original ↗

ATT&CK techniques detected

5 predictions
T1195.001Compromise Software Dependencies and Development Tools
97%
“trivy supply chain attack expands with new compromised docker images a new set of compromised docker images linked to the trivy supply chain attack has been identified, expanding the impact of the incident across developer environments and ci / cd pipelines. on march 19, 2026, th…”
T1195.002Compromise Software Supply Chain
92%
“trivy, published an update about the ongoing investigation and confirmed the team identified additional suspicious activity on sunday, march 22, involving unauthorized changes and repository tampering. " based on our current understanding, this activity is consistent with the att…”
T1195.001Compromise Software Dependencies and Development Tools
38%
“trivy, published an update about the ongoing investigation and confirmed the team identified additional suspicious activity on sunday, march 22, involving unauthorized changes and repository tampering. " based on our current understanding, this activity is consistent with the att…”
T1195.001Compromise Software Dependencies and Development Tools
34%
“##thub organization linked to aqua security was briefly exposed, with dozens of repositories renamed and made public during the attack. investigators believe the attacker used a compromised service account token that had access to multiple github organizations. the repositories w…”
T1078.001Default Accounts
34%
“##thub organization linked to aqua security was briefly exposed, with dozens of repositories renamed and made public during the attack. investigators believe the attacker used a compromised service account token that had access to multiple github organizations. the repositories w…”

Summary

New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans