Tag: docker
-
Entwickler-Tools als neue Angriffsfläche
Aktuelle Angriffe auf den Infrastruktur-Scanner <> und den Kommandozeilen-Client von Bitwarden zeigen eine neue Qualität von Supply-Chain-Attacken. Die Angreifer verteilten trojanisierte Versionen über offizielle Kanäle wie npm, Docker-Hub und Github-Actions. Sie unterwanderten damit das Vertrauen, das Entwickler in etablierte Distributionswege setzen. Neben klassischen Zugangsdaten wie Github-Tokens, SSH-Schlüsseln und Cloud-Credentials gerieten auch Konfigurationen von KI-Entwicklungsassistenten […]…
-
Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines
A Checkmarx supply chain attack used malicious Docker images and extensions to steal credentials and spread through CI/CD pipelines. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/checkmarx-supply-chain-attack-exploits-docker-images-and-ci-cd-pipelines/
-
Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines
A Checkmarx supply chain attack used malicious Docker images and extensions to steal credentials and spread through CI/CD pipelines. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/checkmarx-supply-chain-attack-exploits-docker-images-and-ci-cd-pipelines/
-
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/
-
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-checkmarx-supply-chain-breach-affects-kics-analysis-tool/
-
No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 2123, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/no-off-season-three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/
-
Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack
Tags: attack, cloud, credentials, cyber, docker, infrastructure, injection, malicious, software, supply-chain, threatA massive software supply chain attack has targeted the official Checkmarx KICS (Keeping Infrastructure as Code Secure) Docker Hub repository. Discovered on April 22, 2026, by Docker and Socket, the compromise involves trojanized Docker images and malicious VS Code extensions designed to harvest and exfiltrate highly sensitive developer credentials and cloud infrastructure secrets. Threat actors…
-
Microsoft issues outband patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API.A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset.Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository.In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release.…
-
RCE by design: MCP architectural choice haunts AI agent ecosystem
sh, bash, powershell, curl, rm, and other high-risk binaries, they added.The core issue is that there’s currently no check in place to verify that a STDIO command is intended to initialize an MCP server rather than perform a malicious task. Furthermore, the researchers observed that even if the sent command fails to start the server,…
-
Old Docker authorization bypass pops up despite previous patch
Tags: access, api, botnet, cloud, container, credentials, data, docker, exploit, flaw, monitoring, tool, update, vulnerabilityNo one checked oversized requests: While the previous authorization bypass was triggered when request Content-Length was set to 0, no one checked at the time what would happen in the same function if the request exceeded a certain size.”When an API request body exceeds 1MB, Docker’s middleware silently drops the body before your authorization plugin…
-
Breach Roundup: German Police Expose REvil, GandCrab Boss
Also, Medusa Ransomware, Grafana Flaw, German Political Party Breach. This week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party. First…
-
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
Tags: access, ai, authentication, container, cve, data, data-breach, docker, exploit, flaw, hacker, injection, intelligence, linkedin, network, update, vulnerabilityHackers exploit unpatched instances: While a patch has been available for months, a recent VulnCheck finding places the first in-the-wild exploitation on April 6. Caitlin Condon, VP of Security Research at the vulnerability intelligence company, warned of the abuse through a LinkedIn post.”Early this morning, VulnCheck’s Canary network began detecting first-time exploitation of CVE-2025-59528, an…
-
LLM-generated passwords are indefensible. Your codebase may already prove it
Temperature is not a remedy: A reflexive objection from practitioners familiar with LLM configuration holds that increasing sampling temperature would attenuate these distributional biases by flattening the probability landscape from which characters are drawn. Irregular’s empirical results are unambiguous in refuting this intuition. Testing conducted at temperature 1.0, the maximum setting on Claude, produces no…
-
Docker Authorization Bypass Flaw Exposed Hosts to Potential Attackers
A high-severity security vulnerability has been discovered in Docker Engine, exposing hosts to potential authorization bypass attacks. Tracked as CVE-2026-34040, the flaw allows attackers to evade authorization plugins (AuthZ) by manipulating API request bodies. While the base likelihood of exploitation remains low, the vulnerability carries a >>High<< severity rating. It specifically impacts environments relying on…
-
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances.The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024.” First seen on thehackernews.com…
-
Container Security Without Context Is Just More Noise
Smarter container security with Docker Hardened Images. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/container-security-without-context-is-just-more-noise/
-
Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
A Docker flaw (CVE-2026-34040) lets attackers bypass authorization controls and potentially take over host systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/docker-flaw-cve-2026-34040-lets-attackers-bypass-security-controls-and-take-over-hosts/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90
Tags: attack, browser, chrome, cyber, docker, government, international, iran, malware, software, supply-chainSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape New Malware Targets Users of Cobra DocGuard Software Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets Trivy Supply Chain Attack Expands to Compromised Docker Images VoidStealer: Debugging Chrome to Steal…
-
Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/
-
Trivy supply-chain attack spreads to Docker, GitHub repos
The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company’s GitHub organization to tamper with dozens of repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-supply-chain-attack-spreads-to-docker-github-repos/
-
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/trivy-supply-chain-attack-expands/
-
44 Aqua Security repositories defaced after Trivy supply chain breach
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.40.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…
-
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.”New image tags 0.69.5 and…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerabilityAttackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets.The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerabilityAttackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets.The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
Trusted Java Containers: Azul Zulu OpenJDK Joins Docker’s Official Images
Azul Zulu OpenJDK is now available as Docker Official images on Docker Hub, giving developers trusted, secure, and verified Java for their container builds. Learn all about it here. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/trusted-java-containers-azul-zulu-openjdk-joins-dockers-official-images/
-
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets.The latest incident impacted GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow First seen…