Tag: container
-
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain
-
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain
-
The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside…
-
How Sonatype’s Container Scanning Protects You From Zero-Days
<div cla Software development moves fast, and engineering teams face intense pressure to deliver applications securely without slowing down. Containers offer incredible speed and portability, allowing developers to build and deploy applications rapidly. But this speed introduces hidden risks when organizations rely on inadequate tools to secure their environments. First seen on securityboulevard.com Jump to…
-
Why Kubernetes controllers are the perfect backdoor
Tags: access, api, automation, backdoor, compliance, container, control, kubernetes, malicious, mitre, service, threatFigure 1: Anatomy of a controller-based attack. The malicious webhook intercepts legitimate pod creation requests and injects a backdoor sidecar before the object is persisted to etcd. Niranjan Kumar Sharma As illustrated in Figure 1, this webhook acts as a controller. Every time a legitimate pod is created (e.g., a payment service), the API server sends…
-
Breaking out: Can AI agents escape their sandboxes?
Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without direct access to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/ai-agents-container-breakout-capabilities-research/
-
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
Tags: access, advisory, api, attack, cloud, container, credentials, data, exploit, extortion, github, group, infrastructure, malicious, malware, open-source, pypi, supply-chain, tactics, tool, vulnerabilityAn expanding supply-chain campaign: The LiteLLM incident has been confirmed to be a part of the rapidly unfolding TeamPCP supply chain campaign that first compromised Trivy.Trivy, developed by Aqua Security, is a widely used open-source vulnerability scanner designed to identify security issues in container images, file systems, and infrastructure-as-code (IaC) configurations. The ongoing attack, attributed…
-
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnerability stems from hardcoded default credentials that remain active unless manually altered by an administrator. Harbor functions as an open-source, OCI-compliant registry project designed to store, sign, and manage container images. Because it plays a…
-
44 Aqua Security repositories defaced after Trivy supply chain breach
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.40.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…
-
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.”New image tags 0.69.5 and…
-
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/23/plumber-open-source-gitlab-ci-cd-compliance-scanner/
-
Trusted Java Containers: Azul Zulu OpenJDK Joins Docker’s Official Images
Azul Zulu OpenJDK is now available as Docker Official images on Docker Hub, giving developers trusted, secure, and verified Java for their container builds. Learn all about it here. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/trusted-java-containers-azul-zulu-openjdk-joins-dockers-official-images/
-
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets.The latest incident impacted GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow First seen…
-
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets.The latest incident impacted GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow First seen…
-
Llamafile, Mozilla’s portable LLM runner, gets GPU support and a rebuilt core
Running a large language model on a single machine without cloud access or a container runtime remains a priority for practitioners working in air-gapped or … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/20/llamafile-0-10-0-released/
-
Bolster your defenses and close the codecloud gap with Tenable and OX
Tags: access, ai, application-security, attack, business, ciso, cloud, container, control, data, data-breach, defense, detection, endpoint, exploit, framework, identity, infrastructure, intelligence, Internet, risk, service, software, strategy, technology, threat, tool, training, vulnerabilityToday, cloud security teams face fragmented visibility and the challenge of prioritizing risks while identifying fix owners. A new joint solution from Tenable and OX helps you close the code-to-cloud gap from development through runtime. By combining CNAPP with deep AppSec, this integration is designed to eliminate visibility gaps and accelerate remediation. Key takeaways Bridge…
-
ColorTokens Once Again Named a Leader and Outperformer in the 2026 GigaOm Radar for Microsegmentation
Microsegmentation has moved well beyond a narrow infrastructure conversation. Today, teams need to enforce policy across cloud workloads, data centers, user endpoints, containers, and OT and IoT environments without creating more operational friction than security value. That broader requirement is exactly why we built the ColorTokens Xshield Enterprise Microsegmentation Platform the way we did. It is also……
-
Heading to RSA Conference 2026? Mark your Calendar and Meet Thales!
Tags: access, ai, application-security, attack, communications, compliance, conference, container, control, cybersecurity, data, defense, firewall, framework, GDPR, google, HIPAA, iam, ibm, injection, LLM, malicious, risk, tool, vulnerabilityHeading to RSA Conference 2026? Mark your Calendar and Meet Thales! madhav Tue, 03/17/2026 – 05:14 The countdown is on. From March 2326, the cybersecurity community will gather once again at the Moscone Center in San Francisco, and Thales will be at the heart of it. Cybersecurity Chad Couser – Director Marketing Communications Thales More…
-
Runtime: The new frontier of AI agent security
Tags: access, ai, automation, ceo, ciso, computer, container, control, crowdstrike, cybersecurity, data, detection, edr, endpoint, firewall, framework, incident response, jobs, monitoring, network, openai, risk, saas, technology, threat, tool, vulnerability, zero-dayWhat runtime monitoring looks like: Once an organization knows where its agents are, the question is what to watch for, and how.Elia Zaitsev, CTO of CrowdStrike, tells CSO that existing endpoint detection and response (EDR) tools already capture the kinds of behavior needed to track AI agents. They instrument operating systems like a flight data…
-
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
-
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
-
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
From profile manipulation to root shell: The blog post detailed a full privilege escalation chain demonstrated on a default Ubuntu Server installation with the Postfix mail server. By loading a crafted security profile that blocks a specific privilege-dropping capability in Sudo, the researchers said they forced Sudo into a “fail-open” condition: unable to shed its…
-
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
From profile manipulation to root shell: The blog post detailed a full privilege escalation chain demonstrated on a default Ubuntu Server installation with the Postfix mail server. By loading a crafted security profile that blocks a specific privilege-dropping capability in Sudo, the researchers said they forced Sudo into a “fail-open” condition: unable to shed its…
-
Unprivileged users could exploit AppArmor bugs to gain root access
Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have existed since 2017 and could allow unprivileged users to bypass protections, escalate privileges to root,…
-
‘CrackArmor’ Vulnerability in AppArmor Impacts 12.6M Linux Systems
Qualys uncovers ‘CrackArmor’ vulnerabilities in AppArmor that could expose 12.6M Linux systems to root access and container escapes. First seen on hackread.com Jump to article: hackread.com/crackarmor-vulnerability-apparmor-linux-systems/
-
Sicherheitsmodul im Linux-Kernel weist neun Sicherheitslücken auf
Die Qualys Threat Research Unit (TRU) hat ‘CrackArmor” entdeckt. Dabei handelt es sich um eine Reihe von neun Schwachstellen in <>, einem weit verbreiteten Sicherheitsmodul im Linux-Kernel. Diese Schwachstellen haben seit 2017 über 12 Millionen Unternehmenssysteme, auf denen Ubuntu-, Debian- und Suse-Distributionen laufen, angreifbar gemacht, sodass lokale Angreifer vollständigen Root-Zugriff erlangen, Container-Ausbrüche ausführen und systemweite…
-
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel’s AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees.The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The First seen on thehackernews.com Jump to…
-
Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Full Root Takeover
A newly disclosed set of nine vulnerabilities, dubbed >>CrackArmor,<< has exposed a critical flaw in AppArmor, a foundational Linux security module. AppArmor serves as the default mandatory access control system for Ubuntu, Debian, SUSE, and numerous cloud platforms, this flaw allows unprivileged local users to bypass container isolation and gain full root control over compromised…