Close Menu
TechurzTechurz
    What's Hot

    Station F ramps up as a launchpad for Europe’s hottest AI startups

    July 6, 2026

    Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent

    July 6, 2026

    Uber’s European expansion plans may have hit a speed bump

    July 5, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Station F ramps up as a launchpad for Europe’s hottest AI startups
    • Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent
    • Uber’s European expansion plans may have hit a speed bump
    • IQM, Europe’s first public quantum company, admits the future of the tech is uncertain
    • Indian tech tycoon bets $30M of his own money to build AI alternative to Microsoft Office
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Apps - Docker could still be hosting a whole load of potentially malicious images – putting users at risk
    Apps

    Docker could still be hosting a whole load of potentially malicious images – putting users at risk

    TechurzBy TechurzAugust 13, 2025Updated:May 11, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    A hacker typing on a MacBook laptop with code on the screen.
    Share
    Facebook Twitter LinkedIn Pinterest Email


    • XZ-Utils backdoor was found over a year ago
    • Despite warnings, some Linux images still contain it
    • Debian won’t budge as the images are “historical artifacts”

    At least 35 Linux images hosted on Docker Hub contain dangerous backdoor malware, which could put software developers and their products at risk of takeover, data theft, ransomware, and more.

    At least some of the images, however, will remain on the site and will not be removed, since they are outdated anyway and shouldn’t be used.

    In March 2024, the open source community was stunned when security researchers spotted “XZ Utils”, a piece of malicious code, in the upstream xz-utils releases 5.6.0 and 5.6.1 (the liblzma.so library) that briefly propagated into some Linux distro packages (not their stable releases). The backdoor was inserted by a developer named ‘Jia Tan’ who, in the two years leading up to that moment, built significant credibility in the community through various contributions.


    You may like

    Debian, Fedora, and others

    Now, security researchers at Binarly have said malicious xz-utils packages containing the backdoor were distributed in certain branches of several Linux distributions, including Debian, Fedora and OpenSUSE.

    “This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.” “This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.”

    Binarly’s experts are now saying several Docker images, built around the time of the compromise, also contain the backdoor. It says that at first glance, it might not seem alarming since if the distribution packages were backdoored, then any Docker images based on them would be backdoored, as well.

    However, the researchers said some of the compromised images are still available on Docker Hub, and were even used in building other images which have also been transitively infected. Binarly said it found “only” 35 images because it focused solely on Debian images:

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    “The impact on Docker images from Fedora, OpenSUSE, and other distributions that were impacted by the XZ Utils backdoor remains unknown at this time.”

    Debian said it wouldn’t be removing the malicious images since they’re outdated anyway and shouldn’t be used. They will be left as “historical artifacts”.

    Via BleepingComputer

    You might also like

    Docker Hosting images load Malicious potentially Putting Risk users
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleThe Last Airbender Are Here
    Next Article Why I’d still choose this 2024 Windows laptop over newer models – especially at this new price
    Techurz
    • Website

    Related Posts

    Opinion

    Revolut rolls out services to thousands of users in India ahead of broader launch

    June 1, 2026
    Opinion

    SaySo is a new short-form video app that aims to restore users’ trust in news

    April 17, 2026
    Opinion

    AI learning app Gizmo levels up with 13M users and a $22M investment

    April 16, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    12 Father’s Day E-Card Sites That Are Actually Good

    June 4, 202523

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.