A recent supply chain attack compromised Aqua Security's internal GitHub organization, allowing attackers to deface 44 repositories in a matter of minutes. The breach originated from malicious Trivy images on Docker Hub, specifically versions 0.69.4–0.69.6, which contained TeamPCP infostealer code [1]. These tainted images were pushed to Docker Hub without corresponding GitHub releases, so developers who used the compromised container images were at risk of exposure. The attack highlights the importance of verifying the integrity of container images, especially those from trusted sources, and the spread of infostealer malware through these images underscores the potential consequences of such a breach. For practitioners, the incident demonstrates how a single point of compromise in the supply chain can have far-reaching consequences, which makes it essential for developers to be vigilant about the sources of their container images.
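One way to act on this, as an added example that is not from the original article or from Aqua Security: a scanner that flags references to the Trivy versions named above in Dockerfiles and CI files, plus a helper that lists Docker Hub tags with no matching GitHub release. The repository name `aquasec/trivy`, the function names and the sample input are assumptions made for illustration.

```python
import re

# Versions the article names as malicious (0.69.4 through 0.69.6).
AFFECTED = {(0, 69, 4), (0, 69, 5), (0, 69, 6)}

# Assumption: the Docker Hub repository is "aquasec/trivy", optionally written
# with a docker.io/ or index.docker.io/ prefix. Other registries and sibling
# repositories (e.g. names continuing with "-...") are deliberately not matched.
IMAGE_RE = re.compile(
    r"(?<![\w./-])(?:(?:index\.)?docker\.io/)?aquasec/trivy(?![\w/-])"
    r"(?::(?P<tag>\w[\w.-]*))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)

def parse_version(tag):
    """Return (major, minor, patch) for tags like '0.69.5' or 'v0.69.5', else None."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag or "")
    return tuple(int(x) for x in m.groups()) if m else None

def scan(text):
    """Return (line_no, reference, verdict) for each Trivy image reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in IMAGE_RE.finditer(line):
            version = parse_version(m.group("tag"))
            if version in AFFECTED:
                verdict = "AFFECTED"
            elif m.group("digest"):
                # Immutable, but still compare against a digest you trust.
                verdict = "pinned-by-digest"
            elif version is None:
                # 'latest' or no tag: check what was actually pulled.
                verdict = "floating-tag"
            else:
                verdict = "ok"
            findings.append((no, m.group(0), verdict))
    return findings

def tags_without_release(hub_tags, release_tags):
    """Docker Hub version tags that have no matching GitHub release tag."""
    released = {parse_version(t) for t in release_tags}
    return [t for t in hub_tags
            if parse_version(t) and parse_version(t) not in released]

# Constructed sample input (not taken from any real repository).
SAMPLE = "\n".join([
    "FROM aquasec/trivy:0.69.5 AS scanner",
    "    image: docker.io/aquasec/trivy:latest",
    "    image: aquasec/trivy:0.68.0",
    "    image: aquasec/trivy@sha256:" + "ab" * 32,
])
```

A floating tag is reported separately because the file alone cannot show which version was pulled; the local image digest has to be checked for those entries.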