Tag: docker
-
ShadowV2 turns DDoS into a cloud-native subscription service
From botnet to business platform: ShadowV2 is not just malware, it is a marketplace. Darktrace uncovered a full operator interface built with Tailwind and FastAPI, complete with Swagger documentation, admin and user privilege tiers, blacklists, and modular attack options. The design mirrors legitimate SaaS platforms, featuring dashboards and animations that make DDoS as easy as…
-
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoSHire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest.The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes First seen…
-
Monitoring in KMU professionell und einfach umsetzen – Checkmk auf Synology-NAS: Monitoring einfach per Docker
First seen on security-insider.de Jump to article: www.security-insider.de/checkmk-auf-synology-nas-monitoring-einfach-per-docker-a-653194fb677dd91090f29f706729114d/
-
Docker malware breaks in through exposed APIs, then changes the locks
The variant has creative twists: Setting the variant apart is its move to deny others access to the same Docker API, effectively monopolizing the attack surface. It tries to modify firewall settings (iptables, nft, firewall-cmd, etc.) via a cron job to drop or reject incoming connections to port 2375. A cron job is a scheduled…
-
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/
-
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/
-
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
-
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
-
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
-
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs.Akamai, which discovered the latest activity last month, said it’s designed to block other actors from accessing the Docker API from the internet.The findings build on a prior report from Trend Micro in…
-
New Malware Exploits Exposed Docker APIs to Gain Persistent Root SSH Access
The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micro report by blocking other attackers from accessing the Docker API and delivering a modular payload rather than…
-
âš¡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door.The news this week shows how attackers are mixing methods”, combining stolen access, unpatched software, and…
-
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious… First seen on hackread.com Jump to article: hackread.com/docker-desktop-vulnerability-host-takeover-windows-macos/
-
Docker fixes critical Desktop flaw allowing container escapes
Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape…
-
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.”A malicious…
-
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCheck out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
Windows Docker Desktop Vulnerability Allows Full Host Compromise
A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in Docker Desktop version 4.44.3 released in August 2025. CVE Details CVE ID CVE-2025-9074 CVSS Score Critical (Estimated 9.0+) Affected…
-
âš¡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More
Power doesn’t just disappear in one big breach. It slips away in the small stuff”, a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe isn’t about knowing everything”, it’s about acting fast and clear before problems…
-
Whispers of XZ Utils Backdoor Live on in Old Docker Images
Developers maintaining the images made the intentional choice to leave the artifacts available as a historical curiosity, given the improbability they’d be exploited. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/xz-utils-backdoor-live-old-docker-images
-
Docker Hub still hosts dozens of Linux images with the XZ backdoor
The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/
-
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident.More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch said…
-
CISA releases Thorium, an open-source, scalable platform for malware analysis
Tags: access, ceo, cio, cisa, compliance, container, control, cyber, cybersecurity, data, docker, framework, github, governance, incident response, kubernetes, malware, open-source, privacy, risk, skills, toolRethinking malware analysis at scale: Enterprise-grade malware analysis tools and platforms have been widely used in the security community. But many of them require paid licenses, lack orchestration at scale, or are difficult to integrate with enterprise workflows. Experts view Thorium as a significant democratization of advanced malware analysis technology.”It is a big deal as…
-
Google patches Gemini CLI tool after prompt injection flaw uncovered
README.md GNU Public License file of the sort that would be part of any open source repo.The researchers then uncovered a combination of smaller weaknesses that could be exploited together to run malicious shell commands without the user’s knowledge. The first weakness is that Gemini CLI sensibly allows users to allowlist frequent commands, for example,…
-
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware
The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances.The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy…