Dossier
Docker Hub
Coverage of Docker Hub in the Nexus archive.
- Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are targeting developer workstations to steal access and secrets, including API keys and cloud credentials, with three campaigns hitting npm, PyPI, and Docker Hub in a 48-hour window. This highlights the growing risk of software supply chain attacks. The attacks targeted secrets from developer environments and CI/CD pipelines.
- Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers warned of malicious Docker images and VS Code extensions in Checkmarx's supply chain. Socket revealed threat actors overwrote tags like v2.1.20 and alpine in the 'checkmarx/kics' Docker Hub repository and introduced a fake v2.1.21 tag.