ShadowV2 Botnet Uses Misconfigured AWS Docker for DDoS-For-Hire Service
Darktrace researchers have uncovered ShadowV2, a new botnet that operates as a DDoS-for-hire service by infecting misconfigured Docker containers on AWS cloud servers.
Docker
Exposed Docker APIs Likely Exploited to Build Botnet
Hackers mount the host’s file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API.
The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development.
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…
Docker Desktop Vulnerability Leads to Host Compromise
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators.
The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.
Docker fixes critical Desktop flaw allowing container escapes
Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape […]
Behind the code: How developers work in 2025
How are developers working in 2025? Docker surveyed over 4,500 people to find out, and the answers are a mix of progress and ongoing pain points. AI is gaining ground but still unevenly used. Security is now baked into everyday workflows. Most devs hav…
Crypto mining campaign targets Docker environments with new evasion technique
New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malware campaign targets Docker environments to deploy a malicious node connected to Teneo, a decentralized infrastructure network. […]
Incomplete Patch Leaves NVIDIA and Docker Users at Risk
NVIIA’s incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies.
Hack The Box: Ghost Machine Walkthrough – Insane Difficulty
The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻
#HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking
The post Hack The Box: Ghost Machine Walkthrough – Insane Difficulty appeared first on Threatninja.net.