这一发展源于对Trivy的供应链入侵攻击。Trivy是由Aqua Security维护的流行开源漏洞扫描工具，威胁行为者利用被入侵的凭据，在该工具的木马化版本以及两个相关GitHub Actions"aquasecurity/trivy-action"和"aquasecurity/setup-trivy"中植入凭据窃取器。

Exposed Docker APIs continue to be used by attackers to create new containers that perform cryptojacking. Earlier this year we reported on attackers utilizing insecure Docker and Kubernetes systems to ...

Attackers are actively scanning for exposed Docker APIs on port 2375 and use them to deploy a malicious payload which drops a Dofloo Trojan variant, a malware known as a popular tool for building ...

Threat actors are targeting cloud-based networks by exploiting misconfigured Docker APIs to gain access to containerized environments, then using the anonymity of Tor to hide their deployment of ...

The new variant of Docker-targeting malware skips cryptomining in favor of persistence, backdoors, and even blocking rivals from accessing exposed APIs. A newly discovered strain of a cryptomining ...

Container company Docker has acquired startup SocketPlane and its six-strong team to help add standard networking interfaces to Docker for increased portability of multi-container distributed apps.

Researchers have discovered a new technique that lets an attacker to build and deploy an image on a victim's host. The attack exploits a misconfigured Docker API port to build and run a malicious ...

Hackers have been spotted using the Docker Engine API to target various containers with cryptojackers and other malware. Cybersecurity researchers at Datadog, who recently observed one such campaign ...