< ciso
brief />
Tag Banner

All news with #container security tag

60 articles · page 2 of 3

Amazon ECR Pull Through Cache Adds Chainguard Support

🔒 Amazon Elastic Container Registry (Amazon ECR) pull through cache now supports Chainguard as an upstream registry, enabling customers to cache private Chainguard images within ECR. This feature synchronizes frequently with Chainguard's registry so images stay up to date without extra tooling. Cached images can be managed with ECR capabilities like image scanning and lifecycle policies, and the pull through cache is available in all AWS Regions where ECR supports it. By centralizing Chainguard images in ECR, customers gain improved availability, manageability, and security posture.
read more →

AWS at RSAC 2026: Unifying Security and Data for AI

🔒 Visit AWS at booth S-0466 in South Expo to experience interactive demos, partner integrations, and an AI-powered Humanoid Security Guardian that generates customized well-architected guides via QR code. AWS security specialists will present sessions on privacy-by-design, trusted identity for autonomous agents, container supply-chain protection, and preparing for AI-native incidents. Join hands-on workshops and CTF challenges in Cloud Village, March 23–26, and use a Partner Passport to collect booth stamps, earn swag, and enter daily raffles.
read more →

Kaspersky Adds OpenAI API Support to Container Security

🔒 Kaspersky has extended Kaspersky Container Security with support for the OpenAI API, allowing organizations to connect local or third‑party large language models that implement that API. The integrated AI assistant analyzes uploaded container images, describes their contents and behavior, performs independent risk assessments, and suggests mitigations to speed investigations and decision-making. The update also brings single sign‑on and multi‑domain Active Directory support, faster image scanning, and enhanced security policy capabilities to the Kaspersky Cloud Workload Security suite.
read more →

Kubernetes security: strengthening cluster defenses

🔒 New Kubernetes clusters are probed and often attacked within minutes, with honeypots run by Palo Alto Networks, Wiz and Aqua Security showing initial compromise attempts in roughly twenty minutes and repeated automated scans against container ports. The platform's permissive defaults and complex model make standard cloud controls insufficient. Organizations should adopt Kubernetes-specific controls: harden and automate RBAC, isolate workloads with network and namespace policies, store secrets in dedicated key management services, perform regular audits, and train developers on platform-specific threats and secure CI/CD practices.
read more →

Why 'Shift Left' Failed for Security and Developers

🔒 The push to 'shift left' has largely failed because it places excessive security responsibility on developers who are pressured to prioritise speed. Ivan Milenkovic of Qualys highlights how noisy, slow tools and misplaced trust in public container registries let malicious images and embedded secrets slip into deployment pipelines. He urges organisations to proxy external images, create a golden path of approved templates and CI pipelines, and shift down security into platform engineering so controls are automatic and developer friction is minimised.
read more →

TeamPCP Worm Targets Cloud Native Infrastructure at Scale

🚨 Researchers warn of a massive, worm-driven campaign by TeamPCP that began around December 25, 2025, systematically compromising cloud-native environments. The group abused exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and a critical React2Shell vulnerability (CVE-2025-55182) to deploy proxy, scanning, and C2 infrastructure. Compromised hosts are used for persistence, data exfiltration, extortion, crypto-mining, and proxy/C2 relays, with tooling tailored to Kubernetes and AWS/Azure deployments.
read more →

Amazon ECS Managed Instances in European Sovereign Cloud

🔒 Amazon ECS Managed Instances is now available in the AWS European Sovereign Cloud, enabling customers to run EC2-backed container workloads under regional sovereignty controls. As a fully managed compute option, Managed Instances dynamically scales EC2 instances, optimizes task placement, and performs security patching every 14 days while supporting GPU and network-optimized instance families. Enable via Console, the Amazon ECS MCP Server, or infrastructure-as-code; management fees apply in addition to standard EC2 costs.
read more →

Amutable Aims to Bring Verifiable Integrity to Linux

🔒Amutable, a Berlin startup launched this week, says it will bring determinism and verifiable integrity to Linux systems. Its founding team includes prominent Linux engineers such as Lennart Poettering (known for systemd) and ex‑Microsoft executives Chris Kühl (CEO) and Christian Brauner (CTO). The company is focusing on the container stack — Kubernetes, runc, LXC, Incus and containerd — and proposes cryptographic verification of images, signed manifests and continuous checks to detect tampering proactively rather than reactively.
read more →

Amazon ECS publishes container health metric in CloudWatch

📈 Amazon Elastic Container Service now publishes container health status as a new CloudWatch Container Insights metric. When a task defines a container health check, Container Insights emits UnHealthyContainerHealthStatus (0 = HEALTHY, 1 = UNHEALTHY) and includes health-state details in EMF logs during UNKNOWN evaluations. The metric is available at cluster, service, task, and container dimensions, and customers can create CloudWatch alarms to notify teams of unhealthy containers.
read more →

VoidLink: Malware Largely Created by AI in Record Time

⚠️ Check Point Research says VoidLink, a modular Linux malware framework, appears to have been planned, structured, and largely written by AI rather than solely by human developers. Analysts found programmatically generated sprint-style plans, detailed technical specifications, and repetitive code patterns consistent with automated generation. The project reportedly grew to tens of thousands of lines of code in under a week, compressing months of work into days. That speed and planning raise concerns that AI can significantly lower the barrier to producing sophisticated, cloud- and container-focused threats.
read more →

Amazon ECR Enables Cross-Repository Layer Sharing Now

📦 Amazon Elastic Container Registry (ECR) now supports cross-repository layer sharing via a capability called blob mounting. By enabling this registry-level setting through the ECR console or AWS CLI, teams can reuse identical image layers across repositories to accelerate image pushes and reduce duplicate storage. Blob mounting is available in all AWS commercial and AWS GovCloud (US) Regions and is applied automatically during image push operations.
read more →

VoidLink: Advanced Modular Malware for Linux Cloud

🛡️ Researchers at Check Point disclosed VoidLink, a sophisticated modular malware framework targeting Linux servers and containers in cloud environments. Written primarily in Zig with supporting components in Go, C, and JavaScript, the platform uses a two-stage loader and an extensible plugin ecosystem (37 built-in modules) delivered via a professional web-based C2 dashboard to harvest credentials and access source code systems. It detects major cloud providers and container runtimes, adapts evasion strategies based on detected EDR and kernel hardening, and employs rootkits and covert C2 channels to maintain stealthy, long-term access.
read more →

VoidLink: Advanced Linux Malware Framework Targets Cloud

🔍 A newly identified cloud-native Linux malware framework named VoidLink targets modern cloud and container environments, providing custom loaders, implants, rootkits, and memory-loaded plugins. According to Check Point, it is written in Zig, Go, and C and adapts behavior based on Kubernetes, Docker, and cloud metadata queries. Communications can use HTTP, WebSocket, DNS tunneling, or ICMP encapsulated in a custom encrypted layer VoidStream, and the framework includes extensive anti-forensics and runtime protections. Analysts assess it appears under active development and may be a commercial or customer-targeted framework rather than evidence of a current widespread campaign.
read more →

VoidLink: Cloud-Native Linux Malware Framework Unveiled

🛡️ Check Point Research describes VoidLink, a cloud-native Linux malware framework built to maintain long-term, stealthy access to cloud infrastructure rather than targeting individual endpoints. Its modular, plug-in-driven design enables attackers to extend capabilities over time while remaining quiet. Adaptive stealth allows the framework to alter behavior based on defensive visibility, prioritizing evasion in monitored environments and speed where visibility is limited.
read more →

VoidLink: Advanced Linux Cloud-Native Malware Framework

🛡️ Check Point Research disclosed a previously undocumented Linux malware framework named VoidLink, designed for long-term stealthy access to cloud and container environments. The cloud-native toolkit is highly modular, written in Zig, and comprises custom loaders, implants, rootkits, and an in-memory plugin system with more than 30 modules. It supports diverse C2 channels (HTTP/HTTPS, WebSocket, ICMP, DNS), peer-to-peer mesh networking, and automated cloud discovery across AWS, GCP, Azure, Alibaba, and Tencent. Check Point assesses the framework as actively maintained and attributes it to China-affiliated actors, warning of significant credential-theft and supply-chain risks for cloud-native ecosystems.
read more →

Trusted Open Source Report: Longtail Risk & Remediation

🔒 Chainguard’s quarterly pulse, The State of Trusted Open Source, analyzes anonymized usage and CVE data across a large customer base and catalog of container images to reveal where real production risk concentrates. The report finds Python leading the modern AI stack, while roughly half of production runs on a diverse longtail of images beyond the top 20. Importantly, 98% of remediated CVE instances occurred in that longtail, and compliance drivers like FIPS adoption materially influence image choices. Chainguard also highlights fast remediation performance, averaging under 20 hours for Critical CVEs.
read more →

Docker Makes 1,000 Hardened Container Images Open Source

🐳 Docker has open-sourced and made freely available over 1,000 Docker Hardened Images (DHI) under the Apache 2.0 license to provide a secure, minimal foundation for containerized applications. The images are rootless, stripped of unnecessary components, SBOM-verifiable, and shipped with SLSA Build Level 3 provenance and proof of authenticity. Docker will continue to publish fixes for DHI components while reserving a 7-day critical CVE patching SLA for the commercial DHI Enterprise tier. The full DHI catalog and subscription options are available from Docker's product offerings.
read more →

Amazon ECR now auto-creates repositories on push globally

🔁 Amazon Elastic Container Registry (ECR) can now automatically create repositories when images are pushed, removing the need to pre-create repositories before a push. Repository creation follows organization-defined repository creation templates, enabling consistent naming and default settings at creation. The create-on-push capability is available in all AWS commercial and AWS GovCloud (US) Regions.
read more →

Amazon ECS on Fargate Adds Custom Container Stop Signals

🛑 Amazon Elastic Container Service (ECS) on AWS Fargate now honors container-defined stop signals for Linux tasks by reading the OCI image STOPSIGNAL instruction and sending that signal when a task is stopped. Previously Fargate always sent SIGTERM followed by SIGKILL after the configured timeout, but containers that rely on SIGQUIT, SIGINT, or other signals can now receive their intended shutdown signal. If no STOPSIGNAL is present, ECS continues to default to SIGTERM. Support for container-defined stop signals is available in all AWS Regions and the ECS Developer Guide provides implementation details.
read more →

Amazon ECR adds Archive storage class and lifecycle rules

📦 Amazon Web Services announced a new Amazon ECR Archive storage class to lower costs for large volumes of rarely accessed container images. Lifecycle policies can now archive images by last pull time, age, or count, and archived images are excluded from repository image limits. Archived images are inaccessible for pulls but can be restored via Console, CLI, or API within about 20 minutes, and all operations are logged to CloudTrail; the feature is available in AWS Commercial and GovCloud (US) Regions.
read more →