Tag: docker
-
From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here’s how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/from-path-traversal-to-supply-chain-compromise-breaking-mcp-server-hosting/
-
From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here’s how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/from-path-traversal-to-supply-chain-compromise-breaking-mcp-server-hosting/
-
Docker makes Hardened Images Catalog affordable for small businesses
The Docker team has announced unlimited access to its Hardened Images catalog to make access to secure software bundles affordable for all development teams at startups and SMBs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-makes-hardened-images-catalog-affordable-for-small-businesses/
-
10.0-severity RCE flaw puts 60,000 Redis instances at risk
Tags: authentication, cloud, container, cve, data-breach, docker, exploit, flaw, group, Internet, network, rce, remote-code-execution, risk, vulnerabilityLack of Redis authentication is a widespread issue: While Redis supports authentication, it is often deployed without it, especially on internal networks, but also on the internet. For example, the Wiz researchers note that in 57% of cloud environments, Redis is deployed as a container image and the official Redis container on Docker Hub does…
-
Termix Docker Image Leaking SSH Credentials (CVE-2025-59951)
A critical vulnerability in the official Termix Docker image puts users at risk of exposing sensitive SSH credentials. The flaw allows anyone with network access to retrieve stored host addresses, usernames, and passwords without logging in. How the Vulnerability Works Termix provides a Docker image that runs a Node.js backend behind an Nginx reverse proxy.…
-
Docker APIs Targeted FireTail Blog
Sep 30, 2025 – Lina Romero – In 2025’s fast-moving cyber landscape, attacks are everywhere and AI and APIs are the biggest targets. We’ve spoken before about hackers exploiting Docker Swarm to launch cryptomining attacks, but now attackers are using Docker APIs for other malicious purposes. It started this June. Trend Micro noticed abnormal activity…
-
Mit ShadowV2 wird DDoS zu einem Cloud-nativen Abo-Dienst
DDos-Attacken sind mittlerweile als Auftragsmodell verfügbar, wie eine aktuelle Analyse zeigt.Laut einer Darktrace-Analyse nutzt eine ShadowV2-Bot-Kampagne falsch konfigurierte Docker-Container auf AWS und rüstet sie für DDoS-as-a-Service-Angriffe auf.Was ShadowV2 dabei besonders macht, ist die professionelle Ausstattung mit APIs, Dashboards, Betreiber-Logins und sogar animierten Benutzeroberflächen. ‘Dies ist eine weitere Erinnerung daran, dass Cyberkriminalität kein Nebenjob mehr ist,…
-
ShadowV2 and AWS: The Rise of Cloud-Native DDoS-for-Hire Attacks
ShadowV2 exploits AWS Docker flaws to deliver advanced DDoS-for-hire attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cloud-security/shadowv2-and-aws-the-rise-of-cloud-native-ddos-for-hire-attacks/
-
ShadowV2 Botnet Infects AWS Docker Containers to Launch DDoS Campaign
Darktrace’s latest investigation uncovered a novel campaign that blends traditional malware with modern DevOps technology. At the center of this operation lies a Python-based command-and-control (C2) framework hosted on GitHub CodeSpaces. The threat actors leverage a multi-stage Docker deployment initiated by a Python spreader, followed by a Go-based Remote Access Trojan (RAT) that implements a…
-
Exposed Docker Daemons Fuel DDoS Botnet
The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/exposed-docker-daemons-fuel-ddos-botnet
-
ShadowV2 turns DDoS into a cloud-native subscription service
From botnet to business platform: ShadowV2 is not just malware, it is a marketplace. Darktrace uncovered a full operator interface built with Tailwind and FastAPI, complete with Swagger documentation, admin and user privilege tiers, blacklists, and modular attack options. The design mirrors legitimate SaaS platforms, featuring dashboards and animations that make DDoS as easy as…
-
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoSHire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest.The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes First seen…
-
Monitoring in KMU professionell und einfach umsetzen – Checkmk auf Synology-NAS: Monitoring einfach per Docker
First seen on security-insider.de Jump to article: www.security-insider.de/checkmk-auf-synology-nas-monitoring-einfach-per-docker-a-653194fb677dd91090f29f706729114d/
-
Docker malware breaks in through exposed APIs, then changes the locks
The variant has creative twists: Setting the variant apart is its move to deny others access to the same Docker API, effectively monopolizing the attack surface. It tries to modify firewall settings (iptables, nft, firewall-cmd, etc.) via a cron job to drop or reject incoming connections to port 2375. A cron job is a scheduled…
-
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/
-
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/
-
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
-
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
-
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
-
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs.Akamai, which discovered the latest activity last month, said it’s designed to block other actors from accessing the Docker API from the internet.The findings build on a prior report from Trend Micro in…
-
New Malware Exploits Exposed Docker APIs to Gain Persistent Root SSH Access
The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micro report by blocking other attackers from accessing the Docker API and delivering a modular payload rather than…
-
âš¡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door.The news this week shows how attackers are mixing methods”, combining stolen access, unpatched software, and…
-
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious… First seen on hackread.com Jump to article: hackread.com/docker-desktop-vulnerability-host-takeover-windows-macos/
-
Docker fixes critical Desktop flaw allowing container escapes
Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape…
-
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.”A malicious…
-
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCheck out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
Windows Docker Desktop Vulnerability Allows Full Host Compromise
A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in Docker Desktop version 4.44.3 released in August 2025. CVE Details CVE ID CVE-2025-9074 CVSS Score Critical (Estimated 9.0+) Affected…