Docker
Docker Hardened Images now open source and available for free
More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. Docker is a popular platform that enables developers to build, test, and deploy applications quickly inside container images that include the required dependencies, allowing for predictable and repeatable results across various systems and environments. DHIs, launched in May […]
Over 10,000 Docker Hub images found leaking credentials, auth keys
More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. The secrets impact a little over 100 organizations, among them are a Fortune 500 company and a major national bank. Docker Hub is the largest container registry where developers upload, host, […]
Dangerous runC flaws could allow hackers to escape Docker containers
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. The security issues, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 (all ), were reported this week and disclosed by SUSE software engineer and Open Container Initiative (OCI) board […]
Docker makes Hardened Images Catalog affordable for small businesses
The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for all development teams at startups and SMBs. Starting today, container images that have been verified to be free of known vulnerabilities (near-zero CVEs), are available to all users through a subscription and a 30-day free […]
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. The activity was first reported in June by cybersecurity company Trend Micro. whose researchers analyzed scripts and malicious code that dropped a cryptominer and relied on the Tor network to hide […]
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The security issue is a server-side request forgery (SSRF) now identified as CVE-2025-9074, and it received a critical severity rating of 9.3. “A malicious container running on Docker Desktop […]
Docker Hub still hosts dozens of Linux images with the XZ backdoor
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. Docker Hub is the official public container image registry operated by Docker, allowing developers and organizations to upload or download prebuilt images and share them with the […]
Kali Linux can now run in Apple containers on macOS systems
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple’s new containerization framework. During WWDC 2025, Apple announced a new containerization framework that allows Apple Silicon hardware to run isolated Linux distros in its virtualized environment, similar to Microsoft Windows Subsystem for Linux 2 (WSL2). To get started, users on macOS Sequoia […]
Windows 11 and Red Hat Linux hacked on first day of Pwn2Own
On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, and Oracle VirtualBox. Red Hat Enterprise Linux for Workstations was the first to fall in the local privilege escalation category after DEVCORE Research Team’s Pumpkin exploited an integer overflow vulnerability to […]
Docker Desktop blocked on Macs due to false malware alert
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. The first reports of the malware alerts surfaced on January 7, 2025, when macOS users received an unexpected ‘Malware Blocked’ message preventing them from opening the Docker containers management app. […]