331 matches found

CISA
added 2026/03/26 12:0 p.m. | 6 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33634: Aqua Security Trivy Embedded Malicious Code Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber...

CVSS 9.4 | AI score 5.9 | EPSS 0.23896
In wild | Exploits 2 | References 6

Microsoft Secure
added 2026/03/25 12:3 a.m. | 5 views

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have...

AI score 6.2
Exploits 0

Krebs on Security
added 2026/03/23 3:43 p.m. | 6 views

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

AI score 5.9
Exploits 0

The Hacker News
added 2026/03/23 8:31 a.m. | 7 views

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4,...

CVSS 9.4 | AI score 6.2 | EPSS 0.23896
Exploits 2

CNNVD
added 2026/03/23 12:0 a.m. | 3 views

Aqua Security Multiple Products Security Vulnerability

Aqua Security Trivy and Trivy Action are both products of Aqua Security. Trivy is a comprehensive and multifunctional security scanner. Trivy Action is a container vulnerability scanning software. Several products from Aqua Security have security vulnerabilities, which stem from supply chain...

CVSS 9.4 | AI score 6.3 | EPSS 0.23896
Exploits 2 | References 3

Wiz blog
added 2026/03/20 3:18 p.m. | 4 views

Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack

On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment...

AI score 5.8
Exploits 0

The Hacker News
added 2026/01/16 5:38 a.m. | 7 views

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...

CVSS 10 | AI score 7.8 | EPSS 0.06476
Exploits 2

EUVD
added 2025/11/12 3:4 a.m. | 2 views

EUVD-2025-117048

Malicious code in superb-aqua-dormouse npm...

AI score 6.6
Exploits 0

OSV
added 2025/11/12 3:4 a.m. | 1 view

MAL-2025-138748 Malicious code in genetic-aqua-penguin (npm)

Source: amazon-inspector (1c7228b48ce2323d35a74614638bf6644a42e50e30c25160d5b32a179f4073a4). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits 0

EUVD
added 2025/11/12 3:4 a.m. | 0 views

EUVD-2025-117088

Malicious code in small-aqua-alligator npm...

AI score 6.6
Exploits 0

EUVD
added 2025/11/12 3:4 a.m. | 1 view

EUVD-2025-117448

Malicious code in determined-aqua-mackerel npm...

AI score 6.6
Exploits 0

EUVD
added 2025/11/12 3:4 a.m. | 1 view

EUVD-2025-117260

Malicious code in local-aqua-sloth npm...

AI score 6.6
Exploits 0

EUVD
added 2025/11/12 3:4 a.m. | 2 views

EUVD-2025-117160

Malicious code in profitable-aqua-clownfish npm...

AI score 6.6
Exploits 0

OSSF Malicious Packages
added 2025/11/12 3:4 a.m. | 2 views

Malicious code in local-aqua-sloth (npm)

Source: amazon-inspector (78d45c913bbc73a37fd3cba872c5b0b747074cd3806fb01b2ea687136384857c). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSSF Malicious Packages
added 2025/11/12 3:4 a.m. | 2 views

Malicious code in costly-aqua-whale (npm)

Source: amazon-inspector (66e11b87589692e13378e5884ac74613c33bf2d49738f658f6a26fe123f4a6a7). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

EUVD
added 2025/11/12 3:4 a.m. | 1 view

EUVD-2025-117465

Malicious code in costly-aqua-whale npm...

AI score 6.6
Exploits 0

OSSF Malicious Packages
added 2025/11/12 3:4 a.m. | 3 views

Malicious code in net-aqua-antelope (npm)

Source: amazon-inspector (1292b50a4c914df6a4cf3e6b10b3eb402d664283510b566a5875c88f52ba78f4). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

OSSF Malicious Packages
added 2025/11/12 3:4 a.m. | 2 views

Malicious code in profitable-aqua-clownfish (npm)

Source: amazon-inspector (e00590405f461dda0098122e87e1c693979c95cfc3cc20f847d3d36bf0363f34). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits 0

EUVD
added 2025/11/12 3:4 a.m. | 2 views

EUVD-2025-117209

Malicious code in net-aqua-antelope npm...

AI score 6.6
Exploits 0

EUVD
added 2025/11/12 3:4 a.m. | 1 view

EUVD-2025-117354

Malicious code in genetic-aqua-penguin npm...

AI score 6.6
Exploits 0