< ciso brief />

All news with #container security tag

52 articles · page 3 of 3

Docker offers Hardened Images for SMBs and startups

🔒 Docker has opened unlimited, subscription-based access to its Hardened Images catalog starting today, offering a 30-day free trial to make near-zero CVE container images affordable for startups and SMBs. These images are built from source, signed, rootless by default, include SBOM and VEX data, and are covered by a seven-day patch SLA for newly discovered CVEs. Docker says removing nonessential components can reduce attack surface by up to 95%, and hardened variants are compatible with Alpine and Debian and can be adopted by changing a single Dockerfile line.

OpenShift AI Privilege Escalation Flaw Exposes Clusters

🔒 Red Hat has disclosed a severe privilege escalation vulnerability in OpenShift AI (CVE-2025-10725) that can allow an authenticated, low-privileged user to escalate to full cluster administrator and fully compromise a deployment. The issue carries a CVSS score of 9.9 but is rated Important by Red Hat because exploitation requires an authenticated account. Affected releases include OpenShift AI 2.19, 2.21, and RHOAI. Administrators are advised to avoid broad ClusterRoleBindings, such as binding kueue-batch-user-role to system:authenticated, and to grant job creation permissions only on a granular, need-to-know basis while applying vendor guidance.

Amazon ECS Adds Native IPv6-Only Task and Service Support

🚀 Amazon Elastic Container Service (Amazon ECS) now supports running tasks and services in IPv6-only subnets, eliminating the prior requirement for IPv4 addresses. This enables containerized applications to scale without IPv4 address constraints and helps organizations meet IPv6 compliance mandates. The capability works across all ECS launch types and networking modes; create IPv6-only VPC subnets and ECS will provision networking automatically. See the task networking documentation and a blog walkthrough for launch-specific details and migration guidance.

Open-source VibeSDK for Self-hosted AI Coding Platforms

🚀 VibeSDK is an open-source platform that enables organizations to deploy a complete AI-powered "vibe coding" experience with one click, integrating LLMs, secure sandboxes, and scalable hosting. It provisions isolated development environments to safely execute AI-generated code, offers templates and live previews, and automates build, test, and deploy workflows. The SDK also provides multi-model routing, observability, and caching, plus one-click export to users' Cloudflare accounts or GitHub so teams retain control of code and costs.

Protect AI Development Using Falcon Cloud Security

🔒 Falcon Cloud Security provides end-to-end protection for AI development pipelines by embedding AI detection into CI/CD workflows, scanning container images, and surfacing AI-related packages and CVEs in real time. It extends visibility to cloud model services — including AWS SageMaker and Bedrock, Azure AI, and Google Vertex AI — revealing model provenance, dependencies, and API usage. Runtime inventory ties build-time detections to live containers so teams can prioritize fixes, govern models, and maintain delivery velocity without compromising security.

AWS Lambda: Cross-Account Container Images in GovCloud

🚀 AWS Lambda now supports creating or updating functions using container images stored in an Amazon ECR repository in a different AWS account within GovCloud Regions. This removes the previous need to copy images into a local ECR repo and streamlines centralized image management and CI/CD workflows. Administrators must grant the Lambda resource and the Lambda service principal the necessary cross-account permissions.

AWS Console Adds ECS Exec for Direct Container Shell Access

🔐 The AWS Management Console now supports ECS Exec, allowing operators to open secure, interactive shell sessions to running containers directly from the console. This removes the need to switch to the CLI, API, or SDKs for troubleshooting and avoids opening inbound ports or managing SSH keys. You can enable ECS Exec when creating or updating services and standalone tasks, and configure encryption and logging at the cluster level. Sessions launch through CloudShell, and the console displays the underlying AWS CLI command for reuse in a local terminal.

Amazon ECR Repository Templates Now in AWS GovCloud

📦 Amazon ECR now supports repository creation templates in AWS GovCloud (US) Regions. Templates let you preconfigure encryption, lifecycle policies, access permissions, and tag immutability for repositories that ECR creates during pull-through cache and replication operations. Templates use a prefix to automatically match and apply settings to new repositories, reducing manual setup and helping enforce consistent registry governance across environments.

AWS HealthOmics Adds Third-Party Container Registry Support

🧬 AWS HealthOmics now supports third-party container registries through Amazon ECR pull-through cache and a new container URI remapping capability, easing access to tools hosted on Docker Hub, GitHub, Quay, GitLab, Azure, and other registries. The pull-through cache automatically retrieves and caches images while URI remapping translates third-party references to private ECR URIs using customer-defined mapping rules. These capabilities remove the need for manual image migration or workflow edits and are available in all regions where AWS HealthOmics is offered, helping bioinformatics teams accelerate workflow development and execution.

Securing Cloud-Native Workloads From Code to Runtime

🔒 Lacework FortiCNAPP unifies CSPM, CWP, CIEM, and CDR to secure cloud-native workloads from development through runtime. It integrates with CI/CD pipelines to scan IaC, container images, and libraries, and leverages FortiDevSec for static and dynamic testing so vulnerabilities are caught before deployment. At runtime, behavior-based workload protection, cloud audit log analysis, and Fortinet Composite Alerts produce high-fidelity detections, while FortiWeb and automation via FortiSOAR enable edge blocking and orchestrated remediation.

Skopeo for Google Cloud: Simplifying Container Workflows

📦 This post describes how Skopeo, a daemonless CLI for container images, can streamline image management with Artifact Registry and Google Cloud CI/CD. It outlines setup steps and five practical workflows: inspecting manifests, registry-to-registry copying, listing tags, promoting images, and automated verification. The article also covers security integrations with tools like Cosign and Binary Authorization, and recommends Skopeo for faster, daemonless automation in Cloud Build and related environments.

Microsoft Named Leader in 2025 Container Management

🚀 Microsoft announced it was recognized as a Leader in the 2025 Gartner Magic Quadrant for Container Management, reflecting the scope and customer impact of its container portfolio. Azure Kubernetes Service (AKS), Azure Container Apps, and hybrid/multicloud capabilities with Azure Arc are highlighted for developer productivity, operational simplicity, and AI readiness. The company emphasized developer tooling like AKS Automatic (preview), Azure Developer CLI, and GitHub Copilot, plus integrated security through Microsoft Defender for Containers and Azure Policy. Customer examples such as ChatGPT, Telefônica Brasil, Coca‑Cola, Hexagon, and Delta Dental illustrate real-world outcomes.