Security news aggregator

Latest coverage for Docker

Explore the latest Docker security news, updates, and best practices to safeguard your containers and applications with our information security insights.

42 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Docker is a platform for building, distributing, and running applications as containers. An image packages application code and dependencies; Docker Engine starts it as an isolated process that shares the host’s operating-system kernel, rather than as a full virtual machine. The Docker API and image registries connect local or automated build and deployment workflows.

Security depends on both the daemon and the images it runs. Access to the Docker daemon or its socket can provide extensive control of the host, so the API should not be unnecessarily exposed and socket mounts should be tightly restricted. Privileged containers, excessive Linux capabilities, and broad host filesystem mounts weaken isolation. Image vulnerabilities or malicious dependencies can enter through the build and distribution chain; use trusted, minimal bases, pinned dependencies, vulnerability scanning, provenance controls, and regular rebuilds. Do not place secrets in image layers. Rootless mode and restrictive security profiles can reduce the consequences of a compromised container.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 42 Filtered view

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data

It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use

This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest

Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe isn’t about knowing everything—it’s about acting fast and clear before problems pile up. Clarity keeps control. Hesitation creates risk

Loading more headlines...