Docker Hub container images leaking secrets across more than 100 organizations
Data Leak
Summary
Researchers uncovered more than 10,000 Docker Hub container images leaking production API keys, cloud tokens, CI/CD credentials, and AI model access tokens, putting secrets from more than 100 organizations at risk. The exposure matters because publicly published container images can act as durable leak vectors for machine credentials that enable cloud, pipeline, and application access.
Related Happenings
Unnamed organization stolen data published on DLS
Data Leak
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
**Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...
Developer environments using KICS data exposed after Checkmarx breach
Data Leak
First: 23.04.2026 19:05
Last: 23.04.2026 19:05
Sources 1
About this happening:
The compromised **Checkmarx KICS** toolchain was used to exfiltrate **GitHub tokens**, **cloud credentials**, and other secrets from developer environments, creating immediate acc...
TeamPCP infostealer in compromised Trivy Docker Hub images
Malware Activity
First: 23.03.2026 17:05
Last: 23.03.2026 17:05
Sources 1
About this happening:
**TeamPCP infostealer** was found in additional **compromised Trivy Docker images**, extending the malware distribution path through **Docker Hub**. The newly identified tags **0....
Aqua Security hit by data theft breach
Incident
First: 20.03.2026 19:47
Last: 20.03.2026 19:47
Sources 1
About this happening:
The **Aqua Security Trivy** incident involved a **supply-chain compromise** that delivered a **credential-stealing infostealer** through trusted releases and **GitHub Actions**. A...
Latest development: 23.03.2026 10:31
TeamPCP broadened the Trivy supply-chain compromise by pushing trojanized Docker Hub images for Trivy 0.69.4, 0.69.5, and 0.69.6 on March 22, 2026, then defacing all 44 internal repositories in Aqua Security's aquasec-com GitHub organization by renaming them with the tpcp-docs- prefix, setting descriptions to "TeamPCP Owns Aqua Security," and exposing them publicly.
Global Profit / MC Profit Always exposed phishing repository leak
Data Leak
First: 25.02.2026 01:57
Last: 25.02.2026 01:57
Sources 1
About this happening:
An exposed repository tied to **Global Profit / MC Profit Always** leaked an **SQL database** and **Telegram webhook logs**, exposing phishing-operator communications and infrastr...
Timeline
- 04.02.2026 17:05 3 articles · 3mo ago
Docker Hub container images leaking secrets across more than 100 organizations
Initial Disclosure
The initial phase was a broad secret-discovery finding in public container images. It centered on live credentials being embedded in images that developers had unintentionally pushed to a public registry.
Sources:
- The Double-Edged Sword of Non-Human Identities — www.bleepingcomputer.com — 04.02.2026 17:05
- The Double-Edged Sword of Non-Human Identities — www.bleepingcomputer.com — 04.02.2026 17:05
- Over 10,000 Docker Hub images found leaking credentials, auth keys — www.bleepingcomputer.com — 10.12.2025 20:22