Security news aggregator

Latest coverage for Docker

Explore the latest Docker security news, updates, and best practices to safeguard your containers and applications with our information security insights.

105 headlines in this view

Tag briefing

Background for this topic.

Docker is an open-source platform that automates the deployment, scaling, and management of applications within containers. Containers package up the software, libraries, and dependencies into a single object, which can be easily deployed and executed on any Linux system supporting the container format. This technology facilitates consistency across multiple development, testing, and production environments.

In the context of information security, Docker introduces both opportunities and challenges. On the positive side, the use of containers can enhance security by isolating applications from each other and from the underlying system. This isolation can limit the potential impact of a compromised application. However, Docker security is reliant on proper container configuration and management. It is essential to control access to the Docker daemon, securely manage container images, regularly update and patch containerized applications, and monitor containers for suspicious activities. Furthermore, Docker's layered filesystem can also lead to security risks if not properly managed, as old layers may contain vulnerabilities that could be exploited.

Understanding Docker's architecture, using trusted base images, implementing container scanning and signing, employing orchestration tools with robust security features, and following the principle of least privilege are among the best practices for maintaining a secure Docker environment. As the technology continues to evolve, staying informed on security enhancements and emerging threats in the container ecosystem is crucial for security professionals.

Showing 20 most recent headlines of 105

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

Bank Info Security 1 month, 3 weeks ago

Breach Roundup: German Police Expose REvil, GandCrab Boss

Also, Medusa Ransomware, Grafana Flaw, German Political Party Breach

This week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party.

Bank Info Security 3 months, 3 weeks ago

Docker AI Bug Lets Image Metadata Trigger Attacks

AI Assistant Executes Hidden Commands Embedded in Docker Image Labels

A vulnerability in Docker's Ask Gordon AI assistant allows attackers to execute malicious commands by hiding them in the container application development platform's image metadata, said security researchers. Dubbed DockerDash, the vulnerability exploits a failure across Docker's AI execution chain.

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data

It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use

This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open

Flare warns devs are unwittingly publishing production-level secrets

Docker Hub has quietly become a treasure trove of live cloud keys and credentials, with more than 10,000 public container images exposing sensitive secrets from over 100 companies, including a Fortune 500 firm and a major bank.…
