A new set of compromised Docker images tied to the Trivy supply chain attack has been identified, expanding the impact across developer environments and CI/CD pipelines. On 19 March 2026, threat actors compromised Aqua Security's Trivy vulnerability scanner version 0.69.4, injecting credential-stealing malware into official releases and GitHub Actions. Additional malicious artifacts were subsequently found on Docker Hub after attackers gained access through a GitHub Actions compromise.
The newly identified image tags, 0.69.5 and 0.69.6, were uploaded on 22 March without corresponding GitHub releases; the latest tag points to 0.69.6 and is confirmed to be compromised. On 23 March, Aqua Security published an update confirming additional suspicious activity on Sunday, 22 March, involving unauthorized changes and repository tampering. According to Aqua Security, investigators noted that the activity aligns with the attacker’s previously observed behaviour.
The incident has been linked to the TeamPCP threat group, which security researchers say has expanded its operations beyond credential theft to include worm propagation and other disruptive activities.
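To check Dockerfiles and CI configuration for the tags reported above, the following added example (not code from Aqua Security or the original report) scans text for Trivy image references and classifies each one. It assumes the image is referenced by a repository path ending in "/trivy", such as aquasec/trivy; the function names and the sample lines are constructed for illustration.

```python
import re

# Tags the article reports as compromised; "latest" pointed to 0.69.6.
COMPROMISED_TAGS = {"0.69.4", "0.69.5", "0.69.6", "latest"}

# Assumption: the image is referenced by a repository path ending in "/trivy"
# (such as aquasec/trivy), optionally behind a registry host. The lookahead
# skips file paths (trivy.yml) and other names (trivy-action).
IMAGE_RE = re.compile(
    r"(?P<repo>(?:[\w.-]+/)+trivy)(?![\w./-])"
    r"(?::(?P<tag>\w[\w.-]*))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)

def classify(tag, digest):
    """Return a verdict for one image reference."""
    if digest:
        # A digest overrides the tag at pull time; the article lists no
        # digests, so this reference needs a manual check.
        return "review"
    # No tag and no digest means the registry resolves "latest".
    if (tag or "latest") in COMPROMISED_TAGS:
        return "compromised"
    return "not-listed"

def scan(text, source="<input>"):
    """Return (source, line number, reference, verdict) per Trivy image."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in IMAGE_RE.finditer(line):
            verdict = classify(m.group("tag"), m.group("digest"))
            findings.append((source, lineno, m.group(0), verdict))
    return findings

# Constructed sample: lines as they might appear in a Dockerfile or CI config.
SAMPLE = "\n".join([
    "FROM aquasec/trivy:0.69.5 AS scanner",
    "    image: docker.io/aquasec/trivy",
    "    image: aquasec/trivy:0.50.1",
    "    image: aquasec/trivy:0.69.6@sha256:" + "0" * 64,
    "    run: trivy image --severity HIGH myapp:1.0",
    "    path: .github/workflows/trivy.yml",
])

if __name__ == "__main__":
    for source, lineno, ref, verdict in scan(SAMPLE):
        print(f"{source}:{lineno}: {ref} -> {verdict}")
```

A "not-listed" verdict only means the tag is not one of those named in this report; an untagged reference is treated as latest and therefore flagged.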