Security

All AI CI/CD Cloud DevOps Docker eBPF Go Journal Kubernetes Linux Networking Python Security Terraform

TRIVY DOCKER IMAGES COMPROMISED

TeamPCP silently pushed three poisoned Docker images - 0.69.4, 0.69.5, 0.69.6 - to Docker Hub without any corresponding GitHub releases, armed them with a 3-stage …

mrcloudbook · Mar 23, 2026 · 22 min read

CanisterWorm The Self-Propagating npm Supply Chain Worm

CanisterWorm is a self-propagating malware that infected 64+ npm packages in March 2026. Named by Aikido Security and Socket.dev, it's notable for two historic firsts: …

mrcloudbook · Mar 23, 2026 · 16 min read

Jenkins RCE Vulnerability (CVE-2026-33001) - Patch to 2.555 Now

The Jenkins project released a security advisory on March 18, 2026, addressing three vulnerabilities - two rated High and one Medium. The most critical, CVE-2026-33001, …

mrcloudbook · Mar 21, 2026 · 13 min read

How Trivy Was Compromised to Deliver Malware (Again)

On March 19, 2026, Trivy - the most widely used open-source vulnerability scanner in DevSecOps pipelines - had its release process compromised for the second …

mrcloudbook · Mar 20, 2026 · 14 min read

When Trivy’s CI Turned Against It - The Incident, Impact

Trivy Got Hacked: What Actually Happened?

mrcloudbook · Mar 04, 2026 · 6 min read