A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could ...

Threat actors are exploiting exposed Docker APIs to deploy malware and cryptocurrency miners and potentially create a new botnet.

The attack chain essentially involves breaking into misconfigured Docker APIs to execute a new container based on the Alpine ...

The botnet is targeting exposed Docker APIs in order to gain initial access, CrowdStrike explained. “It runs a malicious container on an exposed Docker API by using a custom Docker Entrypoint to ...

Image: Docker, ZDNet A hacking group is currently mass-scanning the internet looking for Docker platforms that have API endpoints exposed online. The purpose of these scans is to allow the hacker ...

After if began stealing AWS credentials last summer, the TeamTNT botnet is now also stealing Docker API logins, making the use of firewalls mandatory for all internet-exposed Docker interfaces.

Missing authentication on the Docker Engine management API for Docker Desktop on Windows and Mac allows attackers to break ...

Podman was designed as a near drop-in replacement for Docker. Commands like podman run, podman ps, and podman build mirror ...

"A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted," reads Docker's bulletin. "This ...

Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers.