Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub.

Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious ...

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious ...

Learn how to create and use a Docker secret from a file for secure storage of sensitive data with this step-by-step tutorial.

Docker patched CVE-2025-9074 (CVSS 9.3), a flaw enabling container escape via unauthenticated API, risking host takeover.

"A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without ...