DevSecOps

• Trivy Supply Chain Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper March 23, 2026

  Aqua Security's Trivy vulnerability scanner was compromised via stolen credentials, spreading an infostealer to Docker Hub images and two GitHub Actions, then cascading into a self-propagating npm worm and a Kubernetes wiper targeting Iranian clusters.