Tag: docker
17 articles

Hackers exploit auth bypass in Gitea Docker image
Hackers are actively exploiting a critical flaw in the Gitea Docker image, using a single header to bypass authentication and gain access - and security teams are only just catching on. In fact, researchers detected the first real-world hit just 13 days after the vulnerability was disclosed.

Threat Actors Probe Gitea Docker Flaw Just 13 Days After Patch
Security researchers have spotted threat actors probing a critical Gitea Docker flaw just 13 days after it was patched, highlighting the urgent need for users to update their systems. This highly vulnerable flaw, scoring 9.8, allows attackers to exploit a default setting that trusts user headers from any source IP address.

Docker Images Expose Hidden Vulnerabilities
Docker containers are a top target for attackers, with a recent analysis of 100 popular Docker Hub images revealing that 64 contained critical flaws due to outdated software versions. Only one in ten images was fully up to date, leaving a vast majority vulnerable to predictable and dangerous exposures.

Docker Flaw Exposes Hosts to Unauthorized Access
A recent security patch meant to tighten up Docker Engine's defenses has left a gaping hole, exposing hosts to unauthorized access - and it's up to you to make sure you're not the one who gets exploited. A high-severity flaw, tracked as CVE-2026-34040, allows attackers to bypass authorization plugins and potentially gain access to your host.

exposed Docker APIs: Must-Have Fixes Against Risky Miners
Leaving Docker Remote APIs exposed is like leaving your front door open — attackers are now using TOR-backed cryptojacking campaigns to quietly hijack compute, lock out rivals, and hide their tracks. Secure your management endpoints with authentication and network controls, enforce least-privilege, and monitor for unusual container activity to stop wallets from draining your cloud bill.

WhatsApp zero-day: Critical Risk, Must-Have Fixes
This week’s wake‑up call — a WhatsApp zero‑day, a Docker escape bug, and reported Salesforce access — shows how small misconfigurations and stolen credentials chain together into big breaches. Patch promptly, enable MFA, and tighten container and identity hygiene before attackers stitch those gaps into a compromise.

NFC fraud: Must-Have Defenses Against Costly Attacks
Security rarely breaks in a single blast — it seeps away. This week’s roundup shows how NFC fraud, N‑able exploits, and malicious Docker images quietly erode trust and widen blast radii when small oversights go unpatched.

Cybercriminals Leverage Misconfigured Docker APIs for Cryptocurrency Mining through Tor Network
Cybercriminals exploit misconfigured Docker APIs for illicit cryptocurrency mining, using the Tor network to obscure their activities and evade detection.

Apple tries to contain itself with lightweight Linux VMs for macOS
Apple employs lightweight Linux VMs on macOS to contain processes, boost efficiency, and enhance system security.

Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable
Illicit crypto-miners exploit lazy DevOps configs to breach cloud security. Discover how vulnerabilities can be mitigated to keep your infrastructure safe.

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cryptojacking campaign exploits DevOps APIs using off-the-shelf GitHub tools, revealing emerging security risks in development pipelines.

Cybercriminals Impersonate Antivirus Website to Distribute Venom RAT and Hijack Crypto Wallets
Cybercriminals impersonate antivirus sites to spread Venom RAT, hijack crypto wallets, and jeopardize user security in the digital realm.

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
New self-spreading malware breaches Docker containers to mine Dero crypto. Learn protection tips to secure your systems from evolving cyber threats.

Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts
Critical Versa Concerto flaws let attackers escape Docker, compromising hosts. Patch vulnerabilities now to protect your infrastructure.

Docker Malware Targets Teneo Web3 Node to Generate Crypto through Deceptive Heartbeat Signals
Docker malware exploits Teneo Web3 Node, using deceptive heartbeat signals to generate cryptocurrency, highlighting security risks in blockchain environments.

Innovative Cryptojacking Malware Exploits Docker Using Unique Mining Method
Discover how innovative cryptojacking malware exploits Docker with a unique mining method, posing new threats to cloud infrastructure security.

New XorDDoS Controller Discovered as Malware Threats Expand to Docker, Linux, and IoT
New XorDDoS Controller identified, targeting Docker, Linux, and IoT devices, highlighting the growing malware threats in diverse environments.