Close Menu
TechurzTechurz

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    The full Space Stage agenda at Disrupt 2025

    October 15, 2025

    The new iPad Pro’s biggest upgrade isn’t the M5 chip – I’d buy it for this feature instead

    October 15, 2025

    How Attackers Bypass Synced Passkeys

    October 15, 2025
    Facebook X (Twitter) Instagram
    Trending
    • The full Space Stage agenda at Disrupt 2025
    • The new iPad Pro’s biggest upgrade isn’t the M5 chip – I’d buy it for this feature instead
    • How Attackers Bypass Synced Passkeys
    • Flax Typhoon exploited ArcGIS to gain long-term access
    • When Face Recognition Doesn’t Know Your Face Is a Face
    • There’s one critical reason why I choose this Garmin smartwatch over competing models
    • Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
    • The OnePlus 12 is still on sale for $300 off – but time is running out
    Facebook X (Twitter) Instagram Pinterest Vimeo
    TechurzTechurz
    • Home
    • AI
    • Apps
    • News
    • Guides
    • Opinion
    • Reviews
    • Security
    • Startups
    TechurzTechurz
    Home»Apps»Docker could still be hosting a whole load of potentially malicious images – putting users at risk
    Apps

    Docker could still be hosting a whole load of potentially malicious images – putting users at risk

    TechurzBy TechurzAugust 13, 2025No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    A hacker typing on a MacBook laptop with code on the screen.
    Share
    Facebook Twitter LinkedIn Pinterest Email


    • XZ-Utils backdoor was found over a year ago
    • Despite warnings, some Linux images still contain it
    • Debian won’t budge as the images are “historical artifacts”

    At least 35 Linux images hosted on Docker Hub contain dangerous backdoor malware, which could put software developers and their products at risk of takeover, data theft, ransomware, and more.

    At least some of the images, however, will remain on the site and will not be removed, since they are outdated anyway and shouldn’t be used.

    In March 2024, the open source community was stunned when security researchers spotted “XZ Utils”, a piece of malicious code, in the upstream xz-utils releases 5.6.0 and 5.6.1 (the liblzma.so library) that briefly propagated into some Linux distro packages (not their stable releases). The backdoor was inserted by a developer named ‘Jia Tan’ who, in the two years leading up to that moment, built significant credibility in the community through various contributions.


    You may like

    Debian, Fedora, and others

    Now, security researchers at Binarly have said malicious xz-utils packages containing the backdoor were distributed in certain branches of several Linux distributions, including Debian, Fedora and OpenSUSE.

    “This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.” “This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.”

    Binarly’s experts are now saying several Docker images, built around the time of the compromise, also contain the backdoor. It says that at first glance, it might not seem alarming since if the distribution packages were backdoored, then any Docker images based on them would be backdoored, as well.

    However, the researchers said some of the compromised images are still available on Docker Hub, and were even used in building other images which have also been transitively infected. Binarly said it found “only” 35 images because it focused solely on Debian images:

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    “The impact on Docker images from Fedora, OpenSUSE, and other distributions that were impacted by the XZ Utils backdoor remains unknown at this time.”

    Debian said it wouldn’t be removing the malicious images since they’re outdated anyway and shouldn’t be used. They will be left as “historical artifacts”.

    Via BleepingComputer

    You might also like

    Docker Hosting images load Malicious potentially Putting Risk users
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleThe Last Airbender Are Here
    Next Article Why I’d still choose this 2024 Windows laptop over newer models – especially at this new price
    Techurz
    • Website

    Related Posts

    Security

    Vom CISO zum Chief Risk Architect

    October 14, 2025
    Security

    Is art dead? What Sora 2 means for your rights, creativity, and legal risk

    October 14, 2025
    Security

    Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

    October 13, 2025
    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    The Reason Murderbot’s Tone Feels Off

    May 14, 20259 Views

    Start Saving Now: An iPhone 17 Pro Price Hike Is Likely, Says New Report

    August 17, 20258 Views

    CNET’s Daily Tariff Price Tracker: I’m Keeping Tabs on Changes as Trump’s Trade Policies Shift

    May 27, 20258 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    The Reason Murderbot’s Tone Feels Off

    May 14, 20259 Views

    Start Saving Now: An iPhone 17 Pro Price Hike Is Likely, Says New Report

    August 17, 20258 Views

    CNET’s Daily Tariff Price Tracker: I’m Keeping Tabs on Changes as Trump’s Trade Policies Shift

    May 27, 20258 Views
    Our Picks

    The full Space Stage agenda at Disrupt 2025

    October 15, 2025

    The new iPad Pro’s biggest upgrade isn’t the M5 chip – I’d buy it for this feature instead

    October 15, 2025

    How Attackers Bypass Synced Passkeys

    October 15, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • About Us
    • Contact Us
    • Privacy Policy
    • Terms and Conditions
    • Disclaimer
    © 2025 techurz. Designed by Pro.

    Type above and press Enter to search. Press Esc to cancel.