Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. […]
Tag: Docker
AI, Cybersecurity, Global Security News
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official…
Global Security News
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for CVE-2024-41110, a maximum-severity vulnerability in the same component that came to light in July 2024. “
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Docker Flaw (CVE-2026-34040) Lets Attackers Bypass Security Controls and Take Over Hosts
A vulnerability in Docker Engine allows attackers to bypass authorization controls and potentially gain full access to host systems. Cyera researchers found that the flaw affects a core security mechanism relied on by organizations to enforce container policies. “This research shows that a lot of foundational infrastructure is still carrying old bug classes in places…
Global Security News
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
AI, Data Breaches, Exploits, Global Security News, malware, Risk Management
44 Aqua Security repositories defaced after Trivy supply chain breach
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…
AI, Cybersecurity, Global Security News
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. “New image tags…
AI, Global Security News
Stop Using Outdated Docker Images – How I Used WUD to Track Container Updates
Stop Using Outdated Docker Images – How I Used WUD to Track Container Updates The post Stop Using Outdated Docker Images – How I Used WUD to Track Container Updates appeared first on Linux Today.