Trivy Supply Chain Attack Expands with Compromised Docker Images

The Trivy supply chain attack has expanded with the discovery of compromised Docker images versions 0.69.5 and 0.69.6, which contain the TeamPCP infostealer malware. These malicious images specifically target CI/CD pipeline scans, potentially exposing sensitive data during automated security checks. No specific CVE IDs or exact dates of compromise were provided in the report. The attack impacts organizations relying on Trivy for vulnerability scanning in containerized environments. The infostealer is designed to exfiltrate credentials and other confidential information from infected systems.