Docker Makes 1,000 Hardened Images Free and Open Source
Millions of developers can now use the secure, production-ready images made by Docker.
The post Docker Makes 1,000 Hardened Images Free and Open Source appeared first on SecurityWeek.
Pillar Security has identified a critical indirect prompt injection vulnerability in Docker’s ‘Ask Gordon’ assistant. By poisoning metadata on Docker Hub, attackers could bypass security to exfiltrate private build logs and chat history. Discover how t…
Hacking the “Artificial” Machine on Hack The Box!
Conquered the “Artificial” machine on Hack The Box! 🕵️‍♂️ I scanned the target, identified a web server on port 80, and created an account to access its dashboard, where I uploaded a malicious .h5 file to trigger a reverse shell. Using a Docker environment, I gained a shell as the app user, found a SQLite database (users.db), and cracked its password hashes to reveal credentials for user “gael,” allowing me to grab the user flag via SSH from user.txt. For root, I discovered port 9898 running Backrest, forwarded it, and enumerated backup files, finding a bcrypt-hashed password in config.json. Decoding a base64 value yielded a plaintext password, granting access to the Backrest dashboard, where I exploited the RESTIC_PASSWORD_COMMAND to trigger a root shell and secure the root flag from root.txt.
The post Hack The Box: Artificial Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.
Darktrace researchers have uncovered ShadowV2, a new botnet that operates as a DDoS-for-hire service by infecting misconfigured Docker containers on AWS cloud servers.
Hackers mount the host’s file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API.
The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development.
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators.
The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.
Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting the Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape […]
How are developers working in 2025? Docker surveyed over 4,500 people to find out, and the answers are a mix of progress and ongoing pain points. AI is gaining ground but still unevenly used. Security is now baked into everyday workflows. Most devs hav…