The last bridges are burned: my move from #GitHub to #Codeberg is complete. For #ContinuousIntegration and #ContinuousDelivery I now use a self-hosted #Woodpecker CI. With it I automatically build Docker images, which are then pushed to the Codeberg registry (instead of #DockerHub).

I didn't migrate all of my 100+ repositories from GitHub, but the most important ones. For some of them the last commit was in 2021, a real trip back in time.

#bigtech
#OpenSource
#unplugtrump
#fckbigtech
#digitalesouvernat

Checkmarx KICS Tool Compromised in Supply-Chain Breach

A critical vulnerability was discovered in the Checkmarx KICS tool due to a supply-chain breach, where a malicious Docker image was briefly hosted on DockerHub, exposing users to potential security risks between April 22, 2026, 14:17:59 UTC and 15:41:31 UTC. The breach was quickly identified and rectified, with affected tags restored…

https://osintsights.com/checkmarx-kics-tool-compromised-in-supply-chain-breach?utm_source=mastodon&utm_medium=social

#SupplyChainBreach #Dockerhub #CheckmarxKics #EmergingThreats #TrojanizedImage

Learn about the Checkmarx KICS tool supply-chain breach and how attackers manipulated DockerHub images, discover what happened and take steps to secure your software now.

OSINTSights

Checkmarx in TeamPCP's crosshairs: the official KICS Docker image trojanized to exfiltrate infrastructure secrets

For the second time in two months, the TeamPCP group has breached Checkmarx's supply chain, publishing trojanized Docker images of the KICS security scanner and malicious VS Code extensions capable of stealing cloud tokens, GitHub credentials and SSH keys. The mcpAddon.js payload, delivered via the Bun runtime from a backdated commit, aims to turn every CI/CD pipeline into an exfiltration point.

https://insicurezzadigitale.com/checkmarx-nel-mirino-di-teampcp-limmagine-docker-ufficiale-di-kics-trojanizzata-per-esfiltrare-i-segreti-dellinfrastruttura/

Malicious Docker Images Compromise Checkmarx Supply Chain

Malicious Docker images compromised the Checkmarx supply chain by embedding a tampered KICS binary that secretly collected and sent sensitive data to an external endpoint. This sneaky data-exfiltration risk put users at risk, thanks to an altered scan report generated by the poisoned image.

https://osintsights.com/malicious-docker-images-compromise-checkmarx-supply-chain?utm_source=mastodon&utm_medium=social

#MaliciousDockerImages #SupplyChain #DockerHub #DataExfiltration #Kics

Learn how malicious Docker images compromised Checkmarx supply chain via altered KICS binary, and take steps to secure your software supply chain now effectively.

OSINTSights

#trivy supply chain attack spreads to #dockerhub. Compromised Docker Hub images and a self-propagating npm worm have been discovered, escalating the Trivy breach into a multi-platform threat. Stolen npm tokens from infected CI/CD pipelines fueled a self-propagating worm dubbed #CanisterWorm, compromising nearly 50 npm packages across multiple scopes.

https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html?m=1

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

The Hacker News

Open WebUI + Docker Model Runner: Self-Hosted Models, Zero Configuration
#Docker #Products #AIML #DockerHub #DockerModelRunner

https://www.docker.com/blog/openwebui-docker-model-runner/

OpenWebUI + Model Runner: Zero-Config Local AI | Docker

Run self-hosted models in minutes. OpenWebUI auto-detects Docker Model Runner. No configuration required so you can chat with local models from a modern web UI.

Docker

Deploy SurrealDB with Docker Desktop Extension | Docker

Deploy SurrealDB in Docker Desktop with its extension, then build a WhatsApp RAG chatbot using vectors, graphs, and real-time queries all in one database.

Docker

Dockerhub is really getting on my nerves right now. Supposedly the pull limit has been reached (100 pulls in 6 hours)

NOT IN A MILLION YEARS!

#Docker #Dockerhub

Run a Private Personal AI with Clawdbot + DMR | Docker

Use Clawdbot + Docker Model Runner to run a private personal assistant on your hardware—fast setup, local data control, and predictable costs.

Docker

Use Claude Code with Docker Model Runner | Docker

Get Claude Code working with Docker Model Runner—free, on-device, and private. Your cloud bill stays at $0.

Docker