All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Ongoing Cybersecurity Threat: XZ Utils Backdoor Persists in Docker Images

By

torgoguys

9mo ago· 8 min readenNews
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Pure flour-power. Hearty enough to carry you through lunch.

Score100TypenewsSentimentnegative

Summary

The article discusses the lingering threat of the XZ Utils backdoor, initially discovered in March last year, which was inserted into the liblzma.so library by a developer named 'Jia Tan'. The Binarly REsearch team highlights a new finding: several Docker images built during the compromise period still contain the backdoor and remain publicly available on Docker Hub, posing an ongoing cybersecurity risk.

Key quotes

· 3 pulled
‘Jia Tan’, a developer who had spent two years building significant credibility in the project through numerous contributions, inserted a sophisticated backdoor into the xz-utils packages.
The discovery sent cybersecurity experts, including the Binarly REsearch team, scrambling to reverse engineer the backdoor to understand its scope and potential impact.
What we discovered is that some of these compromised images are still publicly available on Docker Hub.
Snippet from the RSS feed
In this blog, we share a new finding in the XZ Utils saga: several Docker images built around the time of the compromise contain the backdoor. At first glance, this might not seem alarming: if the distribution packages were backdoored, then any Docker ima

You might also wanna read

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·1h ago

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·1h ago

#NYTechWeek Panel: Addressing the Youth Cybersecurity Talent Gap

This article announces a panel event at #NYTechWeek focused on the cybersecurity talent gap among young people. Moderated by Girls Who Code

partiful.com·1h ago

North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package

A malicious obfuscated JavaScript payload was discovered appended to tailwind.js in the Packagist development version dev-drewroberts/featur

socket.dev·6h ago

Microsoft warns of crypto mining malware disguised as fake downloads of popular PC utilities

Microsoft's Windows Defender team has uncovered a cryptocurrency mining campaign targeting PC enthusiasts. Scammers are manipulating search

techspot.com·9h ago

ShinyHunters leaks 4.9 million Charter Communications customer records after extortion refusal

ShinyHunters, a hacking group, claims to have leaked personal data of 4.9 million Charter Communications customers after the telecom company

theregister.com·9h ago