Over 10,000 Docker Hub images found leaking credentials, auth keys

BleepingComputer
Actively Exploited

Overview

Researchers have discovered that over 10,000 Docker Hub container images are leaking sensitive data, including live credentials for production systems and access keys for CI/CD databases. This exposure poses a significant risk to organizations that rely on these images for their software development and deployment. The leaked information could allow attackers to gain unauthorized access to crucial systems, leading to potential data breaches or service disruptions. Users of Docker Hub should immediately review their images for any hardcoded secrets and take steps to secure their environments. This incident underscores the importance of secure coding practices and regular audits of container images to prevent similar leaks in the future.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Docker Hub container images, production systems, CI/CD databases, LLM model keys
  • Action Required: Users should review and remove any hardcoded credentials from container images and implement secure coding practices to prevent future leaks.
  • Timeline: Newly disclosed

Original Article Summary

More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. [...]

Impact

Docker Hub container images, production systems, CI/CD databases, LLM model keys

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should review and remove any hardcoded credentials from container images and implement secure coding practices to prevent future leaks.
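One way to carry out that review, shown as an added example (not code from the original article or the researchers' tooling): a Python scanner for an archive produced by `docker save` that checks the image config (ENV values and build history) and the files in every layer. The `manifest.json` layout of the archive is assumed, the two rules are illustrative rather than a complete rule set, and the sample image and its secrets are constructed.

```python
import io, json, re, tarfile

PATTERNS = {  # illustrative rules only; real scanners ship far larger rule sets
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "secret_assignment": re.compile(
        r"(?i)\b\w*(?:password|passwd|secret|token|api_?key)\w*\s*[=:]\s*[^\s'\"]{8,}"),
}

def _hits(where, text):
    return [(where, rule) for rule, rx in PATTERNS.items() if rx.search(text)]

def scan_image_tar(fileobj):
    """Scan a `docker save` archive: image config (ENV, build history) and every layer."""
    findings = []
    with tarfile.open(fileobj=fileobj) as image:
        for entry in json.load(image.extractfile("manifest.json")):
            config = json.load(image.extractfile(entry["Config"]))
            for env in config.get("config", {}).get("Env") or []:
                findings += _hits("config:Env", env)
            for step in config.get("history", []):
                findings += _hits("config:history", step.get("created_by", ""))
            # Every layer is scanned: a file deleted later still ships in the earlier layer.
            for name in entry["Layers"]:
                with tarfile.open(fileobj=image.extractfile(name)) as layer:
                    for m in layer:
                        if m.isfile() and m.size <= 1_000_000:  # skip large binaries
                            text = layer.extractfile(m).read().decode("utf-8", "replace")
                            findings += _hits(f"{name}:{m.name}", text)
    return findings

def _tar(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def constructed_image():
    """Constructed sample: layer 1 adds app/.env, layer 2 deletes it via a whiteout entry."""
    config = {"config": {"Env": ["PATH=/usr/bin", "API_TOKEN=constructed-example-token"]},
              "history": [{"created_by": "COPY .env /app/.env"}, {"created_by": "RUN rm /app/.env"}]}
    manifest = [{"Config": "config.json", "Layers": ["l1/layer.tar", "l2/layer.tar"]}]
    return _tar({
        "manifest.json": json.dumps(manifest).encode(),
        "config.json": json.dumps(config).encode(),
        "l1/layer.tar": _tar({"app/.env": b"DB_PASSWORD=constructed-not-real-123\n"}).getvalue(),
        "l2/layer.tar": _tar({"app/.wh..env": b""}).getvalue(),
    })
```

On the constructed image the scanner reports the token in `Env` and the password in layer 1, even though layer 2 deletes the file. A secret found this way has to be rotated and the image rebuilt without it, because removing the file in a later layer leaves the earlier layer intact.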
