Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry

A newly disclosed vulnerability in Docker Desktop’s Registry Access Management (RAM) feature has left macOS users vulnerable to unauthorized image pulls, undermining critical container security controls. Designated CVE-2025-4095, the flaw allows developers to bypass registry restrictions enforced by administrators, potentially exposing organizations to malicious container images or unapproved software dependencies. RAM is designed to limit container image pulls to pre-approved registries, such as Docker Hub, Amazon ECR, or private artifact repositories. Docker’s security advisory noted that “Registry Access Management operates at the DNS level, making it vulnerable to localhost proxy bypasses - a risk compounded by CVE-2025-4095”. While Docker’s prompt patch limits immediate exposure, the incident underscores the need for defense-in-depth strategies, combining registry controls, artifact signing, and continuous vulnerability scanning.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 09:05:08 +0000


Cyber News related to Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry

What Is Patch Management? - Containers are created using a container image, and a container image is created using a Dockerfile/Containerfile that includes instructions for building an image. Considering the patch management and vulnerability management for containers, let's ...
1 year ago Feeds.dzone.com
Docker Image Building Best Practices - Starting with a basic, minimum image is essential when creating Docker images. They let you utilize numerous Docker images throughout the build process, which helps to reduce the size of the final image by removing unneeded build artifacts. Docker ...
2 years ago Feeds.dzone.com
15 Best Docker Monitoring Tools in 2025 - What is Good? / What Could Be Better? cAdvisor monitors containers without much overhead because of its minimal resource footprint. Real-time monitoring is its main focus, and historical data storage is limited. It simplifies troubleshooting using ...
5 months ago Cybersecuritynews.com
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet - On vulnerable endpoints, the Docker API is used to spawn an Alpine container and then retrieve an initialization shell script (init.sh) from a remote server ("solscan[.]live") that, in turn, checks if it's running as the root user and tools like curl ...
1 year ago Thehackernews.com
Python Malware Poses DDoS Threat Via Docker API Misconfiguration - Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious Docker container with Python malware compiled as an ELF ...
2 years ago Infosecurity-magazine.com
Docker makes hardened images catalog affordable for small businesses - Docker has introduced a new catalog of hardened container images aimed at improving security for small businesses. This initiative makes it more affordable for smaller organizations to deploy secure containerized applications by providing ...
3 months ago Bleepingcomputer.com
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry - Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. [+] SharpDelete by Andrew Petrus - Tool to delete hidden registry values ...
10 months ago Cybersecuritynews.com
CyberCrime & Doing Time: Classic Baggie: Part 2 - Q. I want to focus on your relationship with Classic Baggie. Q. You said you were working as an apprentice at that time. Q. Ms. Busch, could we pull up 402(c-1), which again is a larger version of that image. Q. Ms. Busch, can you please pull up ...
2 years ago Garwarner.blogspot.com
Apple's New Containerization Feature Allows Kali Linux Integration on macOS - In practice, that means you can launch a full Kali Linux environment on macOS “Sequoia” 15 today, and you won’t need Docker Desktop when macOS “Tahoe” 26 ships this fall. Apple quietly slipped a game-changing developer feature into its WWDC ...
5 months ago Cybersecuritynews.com
CVE-2021-41092 - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) ...
3 years ago
CVE-2025-10657 - In a hardened Docker environment, with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can utilize the command restrictions feature ...
3 months ago
20 Best Remote Monitoring Tools - 2025 - What is Good? / What Could Be Better? Strong abilities to keep an eye on devices and systems. Some parts may take time to figure out. It gives you tools for remote control and troubleshooting. There could be more ways to change things. Lets you automate ...
9 months ago Cybersecuritynews.com
CVE-2022-39206 - Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a ...
3 years ago
New Malware Hijacking Docker Images with Unique Obfuscation Technique - A newly discovered malware campaign is targeting Docker environments, employing a sophisticated, multi-layered obfuscation technique to evade detection and hijack compute resources for cryptojacking. Security researchers from Darktrace and Cado ...
8 months ago Cybersecuritynews.com
CVE-2023-22746 - CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a ...
2 years ago
NVIDIA’s Incomplete Patch for Critical Flaw Lets Attackers Steal AI Model Data - Organizations using NVIDIA Container Toolkit or Docker on Linux are at risk, especially those running AI workloads like machine learning for healthcare, finance, or autonomous systems. A critical vulnerability in NVIDIA’s Container Toolkit, ...
9 months ago Cybersecuritynews.com CVE-2024-0132
The AI-Generated Child Abuse Nightmare Is Here - Over the course of September, analysts at the IWF focused on one dark web CSAM forum, which it does not name, that generally focuses on "Softcore imagery" and imagery of girls. Within a newer AI section of the forum, a total of 20,254 AI-generated ...
2 years ago Wired.com
but that doesn't mean we shouldn't be concerned - These images, believed to be created using Microsoft Designer, garnered widespread attention and highlighted the ever-growing challenge of AI-generated fake pornography. As these images rapidly spread across the platform, the incident not only ...
1 year ago Blog.avast.com
CVE-2024-6222 - In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 ...
1 year ago Tenable.com
Critical Docker Desktop flaw lets attackers hijack Windows hosts - A critical security vulnerability has been discovered in Docker Desktop for Windows that allows attackers to hijack Windows hosts. This flaw, identified as CVE-2023-XXXX, enables threat actors to escalate privileges and execute arbitrary code on the ...
4 months ago Bleepingcomputer.com CVE-2023-XXXX
Hackers Modifying Registry Keys and Establishing Persistence - Persistence is one of the key things for threat actors to maintain their access to compromised systems and establish connections whenever they require. One of the key methods used to maintain persistence is the use of scheduled tasks. This enables ...
2 years ago Cybersecuritynews.com
CVE-2023-45821 - Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the ...
2 years ago