Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.

Exposed Docker APIs continue to be used by attackers to create new containers that perform cryptojacking. Earlier this year we reported on attackers utilizing insecure Docker and Kubernetes systems to ...

Attackers are actively scanning for exposed Docker APIs on port 2375 and use them to deploy a malicious payload which drops a Dofloo Trojan variant, a malware known as a popular tool for building ...

A 10-year-old issue involving Docker Engine and the AuthZ authorization plug-in lives again to enable attackers to gain ...

Threat actors are targeting cloud-based networks by exploiting misconfigured Docker APIs to gain access to containerized environments, then using the anonymity of Tor to hide their deployment of ...

Hackers have been spotted using the Docker Engine API to target various containers with cryptojackers and other malware. Cybersecurity researchers at Datadog, who recently observed one such campaign ...

Researchers have discovered a new technique that lets an attacker to build and deploy an image on a victim's host. The attack exploits a misconfigured Docker API port to build and run a malicious ...

Container company Docker has acquired startup SocketPlane and its six-strong team to help add standard networking interfaces to Docker for increased portability of multi-container distributed apps.

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Agent workflows make transport a first-order ...