Docker Archives - Security Affairs

Pierluigi Paganini August 25, 2025

Docker fixes critical Desktop flaw allowing container escapes

Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape […]

Pierluigi Paganini April 23, 2025

Crypto mining campaign targets Docker environments with new evasion technique

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malware campaign targets Docker environments to deploy a malicious node connected to Teneo, a decentralized infrastructure network. […]

Pierluigi Paganini October 23, 2024

Crooks are targeting Docker API servers to deploy SRBMiner

Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances, Trend Micro warns. Trend Micro researchers observed attackers targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances. The threat actors used the gRPC protocol over h2c to bypass security and execute crypto mining on Docker […]

Pierluigi Paganini July 25, 2024

Critical bug in Docker Engine allowed attackers to bypass authorization plugins

A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with […]

Pierluigi Paganini June 19, 2024

Cryptojacking campaign targets exposed Docker APIs

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access. The attack begins with the threat actor scanning the internet […]

Pierluigi Paganini March 07, 2024

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

A new Linux malware campaign campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the […]

Pierluigi Paganini May 06, 2022

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […]

Pierluigi Paganini April 22, 2022

Lemon_Duck cryptomining botnet targets Docker servers

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was […]

Pierluigi Paganini March 30, 2021

30 Docker images downloaded 20M times in cryptojacking attacks

Experts discovered that 30 malicious Docker images with a total number of 20 million pulls were involved in cryptomining operations. Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. The expert determined the number of cryptocurrencies that were mined to a mining […]

Pierluigi Paganini February 01, 2021

Exploiting a bug in Azure Functions to escape Docker

Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them. The experts […]

Docker

Docker fixes critical Desktop flaw allowing container escapes

Crypto mining campaign targets Docker environments with new evasion technique

Crooks are targeting Docker API servers to deploy SRBMiner

Critical bug in Docker Engine allowed attackers to bypass authorization plugins

Cryptojacking campaign targets exposed Docker APIs

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Lemon_Duck cryptomining botnet targets Docker servers

30 Docker images downloaded 20M times in cryptojacking attacks

Exploiting a bug in Azure Functions to escape Docker

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Stellantis probes data breach linked to third-party provider

FBI alerts public to spoofed IC3 site used in fraud schemes

EU agency ENISA says ransomware attack behind airport disruptions

Researchers expose MalTerminal, an LLM-enabled malware pioneer

Beware: GitHub repos distributing Atomic Infostealer on macOS

QUICK LINKS

Docker

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!