All news with #container security tag

🧰 Cloudflare has declared Sandboxes and Cloudflare Containers generally available, delivering persistent, isolated development environments tailored for AI agents and human developers. Key additions include secure credential injection via an egress proxy, PTY-backed WebSocket terminals, persistent Python/JavaScript/TypeScript interpreters, filesystem event streams, background dev servers with public preview URLs, and fast disk-state snapshots. Higher instance limits and Active CPU Pricing reduce cost and improve scalability; the SDK is at version 0.8.9.

🔍 The State of Trusted Open Source report analyzes Chainguard customer usage and security data from Dec 1, 2025 through Feb 28, 2026, covering 2,200+ container image projects, 33,931 fix instances, and 377 unique CVEs. It shows AI-driven development accelerating adoption of Python and PostgreSQL, broader standardization around language ecosystems, and the rise of chainguard-base as a minimal foundation. Vulnerability discovery and remediation scaled dramatically—unique CVEs rose 145% and fixes tripled—while median remediation time remained about 2.0 days. The report highlights persistent long-tail risk and a notable increase in FIPS-driven adoption.

🛡️ Amazon Elastic Container Service (ECS) introduces Managed Daemons for ECS Managed Instances, enabling platform teams to centrally deploy and manage security, observability, and networking agents independently of application tasks. ECS guarantees exactly one daemon task per managed instance and ensures daemons are running before application placement, improving coverage and resource efficiency. Updates are handled by draining and replacing instances with circuit breaker and rollback protections; the feature is available in all AWS Regions with no additional service cost beyond compute.

🛡️ EmDash is a new, open-source CMS from Cloudflare, written in TypeScript and available as a v0.1.0 preview that aims to be the spiritual successor to WordPress. It runs plugins in isolated Dynamic Workers and enforces capability-based manifests so extensions can only perform explicitly declared actions, substantially reducing plugin attack surface. EmDash is serverless-first, uses Astro for themes, includes built-in x402 payment support and passkey authentication, and provides CLI and MCP tooling to enable AI-driven management and migrations.

🔒 Kubernetes clusters can be undermined by the very automation that makes them resilient. By registering or compromising a controller—most commonly via a MutatingWebhookConfiguration—an attacker can intercept pod-creation requests and inject a covert sidecar, turning the cluster’s control loop into a self-healing backdoor. These injections are often invisible to casual inspection, survive pod restarts and upgrades, and can be disguised under benign names. Teams should audit webhooks, monitor RoleBindings and OwnerReferences, and restrict webhook registration to reduce this risk.

🔒 Amazon Elastic Container Registry (Amazon ECR) pull through cache now supports Chainguard as an upstream registry, enabling customers to cache private Chainguard images within ECR. This feature synchronizes frequently with Chainguard's registry so images stay up to date without extra tooling. Cached images can be managed with ECR capabilities like image scanning and lifecycle policies, and the pull through cache is available in all AWS Regions where ECR supports it. By centralizing Chainguard images in ECR, customers gain improved availability, manageability, and security posture.

🔒 Visit AWS at booth S-0466 in South Expo to experience interactive demos, partner integrations, and an AI-powered Humanoid Security Guardian that generates customized well-architected guides via QR code. AWS security specialists will present sessions on privacy-by-design, trusted identity for autonomous agents, container supply-chain protection, and preparing for AI-native incidents. Join hands-on workshops and CTF challenges in Cloud Village, March 23–26, and use a Partner Passport to collect booth stamps, earn swag, and enter daily raffles.

🔒 Kaspersky has extended Kaspersky Container Security with support for the OpenAI API, allowing organizations to connect local or third‑party large language models that implement that API. The integrated AI assistant analyzes uploaded container images, describes their contents and behavior, performs independent risk assessments, and suggests mitigations to speed investigations and decision-making. The update also brings single sign‑on and multi‑domain Active Directory support, faster image scanning, and enhanced security policy capabilities to the Kaspersky Cloud Workload Security suite.

🔒 New Kubernetes clusters are probed and often attacked within minutes, with honeypots run by Palo Alto Networks, Wiz and Aqua Security showing initial compromise attempts in roughly twenty minutes and repeated automated scans against container ports. The platform's permissive defaults and complex model make standard cloud controls insufficient. Organizations should adopt Kubernetes-specific controls: harden and automate RBAC, isolate workloads with network and namespace policies, store secrets in dedicated key management services, perform regular audits, and train developers on platform-specific threats and secure CI/CD practices.

🔒 The push to 'shift left' has largely failed because it places excessive security responsibility on developers who are pressured to prioritise speed. Ivan Milenkovic of Qualys highlights how noisy, slow tools and misplaced trust in public container registries let malicious images and embedded secrets slip into deployment pipelines. He urges organisations to proxy external images, create a golden path of approved templates and CI pipelines, and shift down security into platform engineering so controls are automatic and developer friction is minimised.

🚨 Researchers warn of a massive, worm-driven campaign by TeamPCP that began around December 25, 2025, systematically compromising cloud-native environments. The group abused exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and a critical React2Shell vulnerability (CVE-2025-55182) to deploy proxy, scanning, and C2 infrastructure. Compromised hosts are used for persistence, data exfiltration, extortion, crypto-mining, and proxy/C2 relays, with tooling tailored to Kubernetes and AWS/Azure deployments.

🔒 Amazon ECS Managed Instances is now available in the AWS European Sovereign Cloud, enabling customers to run EC2-backed container workloads under regional sovereignty controls. As a fully managed compute option, Managed Instances dynamically scales EC2 instances, optimizes task placement, and performs security patching every 14 days while supporting GPU and network-optimized instance families. Enable via Console, the Amazon ECS MCP Server, or infrastructure-as-code; management fees apply in addition to standard EC2 costs.

🔒Amutable, a Berlin startup launched this week, says it will bring determinism and verifiable integrity to Linux systems. Its founding team includes prominent Linux engineers such as Lennart Poettering (known for systemd) and ex‑Microsoft executives Chris Kühl (CEO) and Christian Brauner (CTO). The company is focusing on the container stack — Kubernetes, runc, LXC, Incus and containerd — and proposes cryptographic verification of images, signed manifests and continuous checks to detect tampering proactively rather than reactively.

📈 Amazon Elastic Container Service now publishes container health status as a new CloudWatch Container Insights metric. When a task defines a container health check, Container Insights emits UnHealthyContainerHealthStatus (0 = HEALTHY, 1 = UNHEALTHY) and includes health-state details in EMF logs during UNKNOWN evaluations. The metric is available at cluster, service, task, and container dimensions, and customers can create CloudWatch alarms to notify teams of unhealthy containers.

⚠️ Check Point Research says VoidLink, a modular Linux malware framework, appears to have been planned, structured, and largely written by AI rather than solely by human developers. Analysts found programmatically generated sprint-style plans, detailed technical specifications, and repetitive code patterns consistent with automated generation. The project reportedly grew to tens of thousands of lines of code in under a week, compressing months of work into days. That speed and planning raise concerns that AI can significantly lower the barrier to producing sophisticated, cloud- and container-focused threats.

📦 Amazon Elastic Container Registry (ECR) now supports cross-repository layer sharing via a capability called blob mounting. By enabling this registry-level setting through the ECR console or AWS CLI, teams can reuse identical image layers across repositories to accelerate image pushes and reduce duplicate storage. Blob mounting is available in all AWS commercial and AWS GovCloud (US) Regions and is applied automatically during image push operations.

🛡️ Researchers at Check Point disclosed VoidLink, a sophisticated modular malware framework targeting Linux servers and containers in cloud environments. Written primarily in Zig with supporting components in Go, C, and JavaScript, the platform uses a two-stage loader and an extensible plugin ecosystem (37 built-in modules) delivered via a professional web-based C2 dashboard to harvest credentials and access source code systems. It detects major cloud providers and container runtimes, adapts evasion strategies based on detected EDR and kernel hardening, and employs rootkits and covert C2 channels to maintain stealthy, long-term access.

🔍 A newly identified cloud-native Linux malware framework named VoidLink targets modern cloud and container environments, providing custom loaders, implants, rootkits, and memory-loaded plugins. According to Check Point, it is written in Zig, Go, and C and adapts behavior based on Kubernetes, Docker, and cloud metadata queries. Communications can use HTTP, WebSocket, DNS tunneling, or ICMP encapsulated in a custom encrypted layer VoidStream, and the framework includes extensive anti-forensics and runtime protections. Analysts assess it appears under active development and may be a commercial or customer-targeted framework rather than evidence of a current widespread campaign.

🛡️ Check Point Research describes VoidLink, a cloud-native Linux malware framework built to maintain long-term, stealthy access to cloud infrastructure rather than targeting individual endpoints. Its modular, plug-in-driven design enables attackers to extend capabilities over time while remaining quiet. Adaptive stealth allows the framework to alter behavior based on defensive visibility, prioritizing evasion in monitored environments and speed where visibility is limited.

🛡️ Check Point Research disclosed a previously undocumented Linux malware framework named VoidLink, designed for long-term stealthy access to cloud and container environments. The cloud-native toolkit is highly modular, written in Zig, and comprises custom loaders, implants, rootkits, and an in-memory plugin system with more than 30 modules. It supports diverse C2 channels (HTTP/HTTPS, WebSocket, ICMP, DNS), peer-to-peer mesh networking, and automated cloud discovery across AWS, GCP, Azure, Alibaba, and Tencent. Check Point assesses the framework as actively maintained and attributes it to China-affiliated actors, warning of significant credential-theft and supply-chain risks for cloud-native ecosystems.