Particle.news

Trivy Supply-Chain Hack Widens as Malicious Images Pulled and 1,000+ Victims Emerge

Stolen build credentials let attackers turn trusted releases into secret-stealing payloads.

Overview

  • Docker, which detailed the breach Monday, said the Trivy images tagged 0.69.4, 0.69.5, 0.69.6 and latest were removed after it was found they could siphon CI and cloud keys; 0.69.3 is named as the last known clean release.
  • Investigators say the intruders reused GitHub Actions and service account tokens to publish trojanized releases and to force-push tags carrying code that scraped runner memory for tokens and uploaded encrypted archives as a fallback.
  • The attackers defaced 44 repositories in Aqua’s internal GitHub organization on Sunday using a compromised Argon-DevOps-Mgt account with admin access across orgs.
  • Mandiant said Tuesday that more than 1,000 downstream SaaS and cloud environments are now dealing with compromises and face a high risk of loud, aggressive extortion attempts.
  • Researchers also tied the crew this week to poisoned Checkmarx GitHub Actions and LiteLLM PyPI releases, highlighting cascading supply-chain risk and the need to pin to digests or SHAs, verify provenance, and rotate all exposed secrets.
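As an added illustration of the pinning advice in the last bullet (example code written for this summary, not code from the report or from any named project): a small checker that parses container image references and GitHub Actions `uses:` values, flags anything not pinned to a digest or full commit SHA, and flags the Trivy tags the report names as compromised. The image repository name aquasec/trivy and the sample references are assumptions constructed for the demo.

```python
import re

# Trivy tags the report names as trojanized; 0.69.3 is the last known clean release.
COMPROMISED_TRIVY_TAGS = {"0.69.4", "0.69.5", "0.69.6", "latest"}
# Assumed image repository for Trivy on Docker Hub; adjust for your registry.
TRIVY_REPO_SUFFIX = "aquasec/trivy"

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_image_ref(ref):
    """Split an image reference into (repository, tag, digest).

    Handles 'repo:tag', 'repo@sha256:...', 'repo:tag@sha256:...' and
    registries with a port such as 'localhost:5000/repo:tag'.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    # A ':' after the last '/' separates the tag; before it, it is a registry port.
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    return ref, tag, digest


def check_image_ref(ref):
    """Return findings for one image reference; an empty list means it passes."""
    repo, tag, digest = parse_image_ref(ref)
    findings = []
    if digest is None or not DIGEST_RE.match(digest):
        findings.append("not pinned by digest")
    if repo.endswith(TRIVY_REPO_SUFFIX) and tag in COMPROMISED_TRIVY_TAGS:
        findings.append(f"tag {tag} is in the compromised set")
    return findings


def check_action_ref(uses):
    """Return findings for a GitHub Actions 'owner/repo@ref' value."""
    if "@" not in uses:
        return ["no ref given"]
    _, ref = uses.rsplit("@", 1)
    return [] if COMMIT_SHA_RE.match(ref) else ["not pinned to a full commit SHA"]


if __name__ == "__main__":
    # Constructed sample references, not taken from any real repository.
    for image in ("aquasec/trivy:0.69.5", "aquasec/trivy:0.69.3@sha256:" + "a" * 64):
        print(image, "->", check_image_ref(image) or "ok")
    for action in ("example-org/scan-action@v1", "example-org/scan-action@" + "b" * 40):
        print(action, "->", check_action_ref(action) or "ok")
```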