Collecting Cyber-News from over 60 sources

Tag: docker

âš¡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Aug 18, 2025 3:54 PM

Tags: backdoor, docker, exploit, fraud, nfc, update

Power doesn’t just disappear in one big breach. It slips away in the small stuff”, a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe isn’t about knowing everything”, it’s about acting fast and clear before problems…
Whispers of XZ Utils Backdoor Live on in Old Docker Images

Aug 17, 2025 9:54 PM

Tags: backdoor, docker

Developers maintaining the images made the intentional choice to leave the artifacts available as a historical curiosity, given the improbability they’d be exploited. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/xz-utils-backdoor-live-old-docker-images
Docker Hub still hosts dozens of Linux images with the XZ backdoor

Aug 12, 2025 9:19 PM

Tags: backdoor, data, docker, linux

The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

Aug 12, 2025 9:19 PM

Tags: backdoor, docker, firmware, hacker, infection, risk, supply-chain

New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident.More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch said…
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
CISA releases Thorium, an open-source, scalable platform for malware analysis

Aug 4, 2025 2:28 PM

Tags: access, ceo, cio, cisa, compliance, container, control, cyber, cybersecurity, data, docker, framework, github, governance, incident response, kubernetes, malware, open-source, privacy, risk, skills, tool

Rethinking malware analysis at scale: Enterprise-grade malware analysis tools and platforms have been widely used in the security community. But many of them require paid licenses, lack orchestration at scale, or are difficult to integrate with enterprise workflows. Experts view Thorium as a significant democratization of advanced malware analysis technology.”It is a big deal as…
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

Jul 31, 2025 4:28 PM

Tags: access, attack, cloud, container, crypto, docker, hacker, jobs, korea, linkedin, malicious, malware, north-korea, programming, social-engineering, software, threat

The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram.”Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their First seen on…
Google patches Gemini CLI tool after prompt injection flaw uncovered

Jul 29, 2025 10:28 PM

Tags: ai, attack, container, docker, exploit, flaw, google, injection, macOS, malicious, open-source, tool, vulnerability

README.md GNU Public License file of the sort that would be part of any open source repo.The researchers then uncovered a combination of smaller weaknesses that could be exploited together to run malicious shell commands without the user’s knowledge. The first weakness is that Gemini CLI sensibly allows users to allowlist frequent commands, for example,…
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

Jul 23, 2025 9:12 PM

Tags: crypto, docker, exploit, flaw, tactics, threat, vulnerability

The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances.The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy…
Behind the code: How developers work in 2025

Jul 11, 2025 12:40 PM

Tags: ai, docker

How are developers working in 2025? Docker surveyed over 4,500 people to find out, and the answers are a mix of progress and ongoing pain points. AI is gaining ground but … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/11/docker-2025-developer-trends/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

Jun 29, 2025 7:34 PM

Tags: control, docker, exploit, github, google, international, malware, ransomware, spy

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Ransomware Gangs Collapse as Qilin Seizes Control Dissecting a Python Ransomware distributed through GitHub repositories SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play Uncovering a Tor-Enabled Docker Exploit…
University Student Charged for Alleged Hacking and Data Theft

Jun 27, 2025 8:36 AM

Tags: attack, cyber, cybercrime, data, docker, hacking, theft

A 27-year-old former student of Western Sydney University has been charged with a string of cyber offences, following an extensive investigation into a series of cyber attacks that have plagued the institution since 2021. The arrest comes after a coordinated operation by the NSW Police Cybercrime Squad under Strike Force Docker, working in partnership with…
Unsecured Docker APIs tapped for clandestine cryptomining

Jun 26, 2025 10:36 PM

Tags: api, docker

First seen on scworld.com Jump to article: www.scworld.com/brief/unsecured-docker-apis-tapped-for-clandestine-cryptomining
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

Jun 24, 2025 1:35 PM

Tags: access, api, crypto, docker, exploit, hacker, network

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments.”Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners,” Trend Micro researchers Sunil Bharti and Shubham Singh said in an…
Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist

Jun 23, 2025 5:35 PM

Tags: api, attack, container, crypto, docker

The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/attackers-docker-apis-tor-anonymity-crypto-heist
New quantum system offers publicly verifiable randomness for secure communications

Jun 16, 2025 3:54 PM

Tags: blockchain, communications, crypto, cyber, cybersecurity, docker, email, finance, government, Hardware, infrastructure, open-source, software, technology, threat, tool

Nature and detailed in an accompanying arXiv preprint, CURBy leverages the phenomenon of quantum entanglement, where particles maintain interconnected states regardless of distance, to create fundamentally unpredictable outputs.”From a security perspective, this approach offers something valuable the ability to independently verify that random numbers haven’t been compromised,” noted Narayan Gokhale, vice president at QKS Group.…
Docker, HashiCorp, Gitea servers targeted in cryptojacking campaign

Jun 3, 2025 9:55 PM

Tags: docker

First seen on scworld.com Jump to article: www.scworld.com/news/docker-hashicorp-gitea-servers-targeted-in-cryptojacking-campaign
The high cost of misconfigured DevOps tools: Global cryptojacking hits enterprises

Jun 3, 2025 4:54 PM

Tags: access, api, attack, authentication, cloud, control, data-breach, docker, exploit, flaw, infrastructure, Internet, jobs, least-privilege, malware, open-source, service, software, tactics, threat, tool, unauthorized

Lockdown of DevOps exposure: Wiz urges organizations to lock down exposed DevOps infrastructure by following established best practices. For Nomad, enforcing access control lists (ACLs) would have blocked the unauthenticated job executions used in this campaign. Public Gitea instances should be fully patched, with git hooks disabled and the installation locked unless absolutely needed.In Consul,…
Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

Jun 3, 2025 1:54 PM

Tags: attack, cloud, crypto, docker, vulnerability

To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings First seen on theregister.com Jump to article: www.theregister.com/2025/06/03/illicit_miners_hashicorp_tools/
The high cost of misconfigured DevOps: Global cryptojacking hits enterprises

Jun 3, 2025 12:55 PM

Tags: access, api, attack, authentication, cloud, control, data-breach, docker, exploit, flaw, infrastructure, Internet, jobs, least-privilege, malware, open-source, service, software, tactics, threat, tool, unauthorized

Lockdown of DevOps exposure: Wiz urges organizations to lock down exposed DevOps infrastructure by following established best practices. For Nomad, enforcing access control lists (ACLs) would have blocked the unauthenticated job executions used in this campaign. Public Gitea instances should be fully patched, with git hooks disabled and the installation locked unless absolutely needed.In Consul,…
Cryptojacking campaign relies on DevOps tools

Jun 3, 2025 10:54 AM

Tags: data-breach, docker, exploit, threat, tool, vulnerability

A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency. Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications like Nomad, Consul, Docker, Gitea to secretly mine cryptocurrency. Threat actors behind the campaign are exploiting a wide range of known misconfigurations and vulnerabilities to deliver the miner.…
Cryptojacking Campaign Exploits DevOps APIs Using OffShelf Tools from GitHub

Jun 2, 2025 6:54 PM

Tags: api, cybersecurity, docker, exploit, github, tool

Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and…
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

May 27, 2025 7:54 PM

Tags: api, attack, container, crypto, data-breach, docker, malware, threat, worm

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet.The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and rope them into an ever-growing horde of mining bots.Kaspersky said it…
Neue Malware-Kampagne zielt auf offene Docker-Umgebungen

May 23, 2025 10:54 AM

Tags: api, docker, malware

Eine neu entdeckte Cyberkampagne nutzt schwach gesicherte Docker-APIs als Einfallstor in containerisierte Infrastrukturen. Mit raffiniert getarnten Malware-Komponenten übernehmen die Angreifer Containerumgebungen, schürfen Kryptowährungen und nutzen kompromittierte Systeme als Sprungbrett für weitere Attacken. Die potenzielle Ausbreitung ist enorm. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/neue-malware-kampagne-zielt-auf-offene-docker-umgebungen/
Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts

May 23, 2025 6:54 AM

Tags: control, cybersecurity, docker, exploit, flaw, network, vulnerability

Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances.It’s worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues First seen on thehackernews.com Jump…
Getarnte Krypto-Miner kapern Docker-Container

May 23, 2025 5:54 AM

Tags: api, container, crypto, docker, malware, vulnerability

Eine neue, raffiniert angelegte Cyberkampagne nutzt Schwachstellen in öffentlich erreichbaren Docker-APIs aus. Ziel ist es, Container-Umgebungen mit Krypto-Mining-Malware zu infizieren und das mit hohem Automatisierungsgrad. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/krypto-miner-docker
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host

May 22, 2025 2:54 PM

Tags: control, cybersecurity, docker, exploit, flaw, network, vulnerability

Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances.It’s worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues First seen on thehackernews.com Jump…
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

May 21, 2025 7:54 PM

Tags: api, attack, container, crypto, cyber, cybersecurity, data-breach, docker, exploit, infrastructure, kaspersky, malicious, malware

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to transform compromised containers into “zombies” that mine cryptocurrency and infect new victims. The campaign, detected…
Für Kryptomining: Neuer Zombie-Trojaner beißt sich durch Docker-Container

May 21, 2025 2:54 PM

Tags: container, docker

Nginx ist nicht nur ein Webserver. Ein Trojaner missbraucht diesen Namen, um unbemerkt und automatisiert Docker-Container zu infiltrieren. First seen on golem.de Jump to article: www.golem.de/news/fuer-kryptomining-neuer-zombie-trojaner-beisst-sich-durch-docker-container-2505-196424.html