Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies
According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware
Cado said the payloads facilitated RCE attacks by leveraging common misconfigurations and known vulnerabilities
Discovered by Cado Security, the campaign deploys two containers to vulnerable Docker instances
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
Infrastructure being built to support new cloud-native campaign
Shared repository is also a hidden source of malware
The threat actors also utilized user and kernel mode rootkits to hide the activity
LemonDuck targets Linux machines