Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.

A 10-year-old issue involving Docker Engine and the AuthZ authorization plug-in lives again to enable attackers to gain ...

Hackers have been spotted using the Docker Engine API to target various containers with cryptojackers and other malware. Cybersecurity researchers at Datadog, who recently observed one such campaign ...

The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. The hacking group targets exposed ...

Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious ...

Exposed Docker APIs continue to be used by attackers to create new containers that perform cryptojacking. Earlier this year we reported on attackers utilizing insecure Docker and Kubernetes systems to ...

In the container software Docker Desktop, attackers can access the Docker engine and subsequently the file system of the host system from malicious containers. Updated software is available to close ...

Palo Alto Networks’ Unit 42 threat intelligence group has pinpointed a new cryptojacking worm that has infected more than 2,000 unsecured Docker hosts and is being used to mine Monero cryptocurrency.