The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source...
Docker
16 articles
Why Kubernetes controllers are the perfect backdoor
In my years securing cloud-native environments, I’ve noticed a recurring blind spot. We obsess over the “front doors” such as exposed dashboards, misconfigur...
CanisterWorm Targets Docker, Kubernetes, and Redis to Steal Secrets
A financially motivated cybercrime group known as TeamPCP is actively exploiting poorly secured cloud environments using a self-propagating malware called “C...
Breaking out: Can AI agents escape their sandboxes?
Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without ...
Post-Quantum Compliance Starts in Your Containers, and Sooner Than You Think - George Manuelian - RSAC26 #6
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnera...
Sandboxing AI agents, 100x faster
We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than tradi...
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening bl...
Bringing Continuous Assessment to Harbor: Scan on Push, Stay Secure Over Time
Key Takeaways DevSecOps harmony exists when development and security teams operate on a shared definition of risk using consistent data, identifiers, and pri...
ZDI-26-152: Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to ex...
ZDI-26-150: Docker Desktop for Mac Docker Model Runner Exposed Dangerous Function Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain ...
ZDI-26-123: Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ab...
[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
Docker Desktop 4.44.
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
Building cryptographic agility into Sigstore
Software signatures carry an invisible expiration date. The container image or firmware you sign today might be deployed for 20 years, but the cryptographic ...