Consider using image signing to mitigate tampering attack
Use trusted and verified VM images. Images from non-trusted sources
may contain security breaches or unsolicited malicious code (spoofing,
information disclosure).
Scan a VM image that you are going to use with a vulnerability scanner
like Nessus and an antivirus scanner.