Docker

• Malicious Trivy Images on Docker Hub: Why Tag Pinning Isn't Enough March 23, 2026

  Trivy versions 0.69.4 through 0.69.6 were compromised on Docker Hub as part of the ongoing TeamPCP supply chain attack against Aqua Security. The incident is a concrete demonstration of why mutable Docker tags are a structural trust problem in CI/CD pipelines.