#ContainerSecurity

ActiveState @activestate
2026-02-05

Hardened Images: 28. Unmanaged Risk: 0. The scoreboard says it all.

Don’t let a vulnerability fumble your production. Power your infrastructure with a championship-ready foundation with ActiveState’s Secure Containers.

Find your winning lineup and browse our catalog: catalog.activestate.com/?utm_s

2026-01-30

It's been a packed 24 hours in the cyber world with critical zero-day vulnerabilities, evolving threat actor tactics, significant data breaches, and shifts in government policy. Let's dive in:

Critical Zero-Days in Ivanti EPMM and SmarterMail ⚠️
- Ivanti has patched two critical code-injection zero-days (CVE-2026-1281, CVE-2026-1340) in its Endpoint Manager Mobile (EPMM) platform, actively exploited to achieve unauthenticated remote code execution.
- These flaws, with CVSS scores of 9.8, allow attackers to execute arbitrary code and access sensitive data like user credentials, device info, and potentially location data. Temporary RPM scripts are available, but a permanent fix is due in Q1 2026.
- SmarterMail also addressed a critical unauthenticated RCE (CVE-2026-24423, CVSS 9.3) in its ConnectToHub API, and a medium-severity NTLM relay vulnerability (CVE-2026-25067) that could lead to credential coercion. Users are urged to update to Build 9511 (for RCE) and Build 9518 (for NTLM relay) immediately.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/01/two-
📰 The Hacker News | thehackernews.com/2026/01/smar

Evolving Android Malware and Chinese APT Tactics 🛡️
- A new Android malware campaign is leveraging Hugging Face as a trusted repository to distribute thousands of polymorphic APK variants, disguised as a security app called TrustBastion. It exploits Accessibility Services to steal credentials for financial services like Alipay and WeChat.
- China-linked APTs are actively deploying sophisticated malware: "PeckBirdy," a JScript-based C2 framework, is used by both financially motivated cybercrime groups targeting Chinese gambling sites and espionage groups against Asian government entities.
- UAT-8099, another China-linked threat actor, is targeting vulnerable IIS servers in Asia, particularly Thailand and Vietnam, with BadIIS SEO malware. They use web shells, PowerShell, and legitimate tools like GotoHTTP for remote access and persistence, creating hidden user accounts like "admin$" or "mysql$".

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
⚫ Dark Reading | darkreading.com/cyberattacks-d
📰 The Hacker News | thehackernews.com/2026/01/chin

High-Profile Breaches and IP Theft Conviction 🚨
- Coupang, a major Korean e-commerce site, is under police investigation for allegedly obstructing a probe into a data breach affecting 33.7 million customer accounts, with its CEO questioned and a smashed laptop recovered from a river.
- Thousands more Oregon residents are being notified of health data exposure from the TriZetto data breach, which occurred in November 2024 but wasn't discovered until almost a year later, impacting over 700,000 patients across multiple US states.
- A former Google engineer, Linwei Ding, has been convicted of economic espionage and theft of trade secrets for stealing over 2,000 confidential AI-related documents to benefit a China-based startup he founded.

🗞️ The Record | therecord.media/coupang-acting
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2026/01/ex-g

Broadening Cyber Threats and Law Enforcement Responses 🌍
- A senior Secret Service official highlighted the "staggering" weakness in the Internet Assigned Numbers Authority (IANA) domain registration system, which facilitates phishing and fraudulent advertising due to insufficient identity validation.
- Google, in collaboration with Cloudflare and Lumen, disrupted IPIDEA, a China-based residential proxy network, removing millions of devices used by cybercriminals and espionage groups, though a significant portion remains active.
- Illicit cryptocurrency flows surged to a record $158 billion in 2025, primarily driven by sanctions-linked activity (Russia, Iran, Venezuela), nation-state use, and improved attribution, despite a slight drop in illicit activity's share of total volume.
- A comprehensive analysis of 418 law enforcement actions (2021-mid-2025) reveals that extortion, malware, and hacking are the most targeted criminal acts, with arrests dominating responses and significant public-private collaboration, particularly from US agencies.

🤫 CyberScoop | cyberscoop.com/secret-service-
🤫 CyberScoop | cyberscoop.com/ipidea-proxy-ne
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/01/badg

US Policy Shifts and Microsoft's NTLM Retirement 🏛️
- The White House's OMB rescinded Biden-era mandates for Software Bills of Materials (SBOMs) and software attestation, arguing they prioritised compliance over genuine security, sparking debate among security professionals about the potential impact on software supply chain security.
- CISA faced scrutiny for releasing insider threat guidance shortly after its acting director, Madhu Gottumukkala, reportedly uploaded sensitive documents to a public ChatGPT instance, highlighting a potential disconnect between policy and practice.
- Microsoft announced plans to disable the 30-year-old NTLM authentication protocol by default in future Windows releases, phasing it out in favour of more secure Kerberos-based alternatives due to NTLM's inherent vulnerabilities to relay and pass-the-hash attacks.

⚫ Dark Reading | darkreading.com/application-se
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/micr

AI Security and Developer Challenges 💡
- A BellSoft survey indicates nearly half of Java developers prefer delegating container security to vendors of hardened containers, despite security being the most important factor in image choice and 23% experiencing container-related incidents.
- An op-ed argues that the US can win the AI race against China not just through advanced models, but by leveraging its robust private-sector cybersecurity industry, which fosters trust and security through real-world threat exposure and market-driven defence.
- Tenable introduced "Tenable One AI Exposure" to its exposure management portfolio, designed to detect, map, and govern the use of agentic and generative AI platforms across enterprise infrastructure, addressing concerns about shadow AI and data leakage.

🕵🏼 The Register | go.theregister.com/feed/www.th
🤫 CyberScoop | cyberscoop.com/ai-race-china-u
⚫ Dark Reading | darkreading.com/cyber-risk/ten

#CyberSecurity #ThreatIntelligence #ZeroDay #RCE #Vulnerability #Malware #APT #AndroidSecurity #IISSecurity #DataBreach #EconomicEspionage #IPTheft #Cybercrime #LawEnforcement #SBOM #NTLM #MicrosoftSecurity #AISecurity #ContainerSecurity #InfoSec

Rene Robichaud @nerowild
2026-01-30
2026-01-25

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: anchore.com/blog/analyzing-the

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

NikitaNikki27
2026-01-24

Some fantastic news to start the week
I'm looking forward to bringing that energy to Container Days London next month.
I'll be co-presenting "Anatomy of a Container Breach: A Live Hacking and Defense Demo"

If you're going to be in London, let's connect!

ActiveState @activestate
2026-01-14

The wagers are in, and for many DevSecOps teams, the scores are looking a little lean. While containerization is the category of the year, the clues from 250 DevSecOps leaders show that many are still struggling to clear the board of CVEs and risk.

Download your copy: activestate.com/resources/2026

2026-01-10

@josh.bressers.name scanned 161 MCP containers. Found 9,000 vulnerabilities. 263 were critical.

"Software ages like milk, not wine." His analysis breaks down what's actually being deployed in the MCP ecosystem—and what to do about it.

anchore.com/blog/analyzing-the

#MCP #ContainerSecurity

2026-01-04

MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping?

9,000 vulns
263 critical findings
36K+ NPM packages
Outdated base images

Not fear-mongering—just data-driven reality. Read his analysis: anchore.com/blog/analyzing-the

#MCP #ContainerSecurity

2025-12-26

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: anchore.com/blog/analyzing-the

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

2025-12-20

@josh.bressers.name scanned 161 MCP containers. Found 9,000 vulnerabilities. 263 were critical.

"Software ages like milk, not wine." His analysis breaks down what's actually being deployed in the MCP ecosystem—and what to do about it.

anchore.com/blog/analyzing-the

#MCP #ContainerSecurity

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉nemo@mas.to
2025-12-19

Docker Inc. has made its catalog of over 1,000 hardened container images free and open source under Apache 2.0, built on Debian and Alpine for superior security with minimal vulnerabilities. 🚀🔒 Developers, enterprises like Adobe and Crypto.com, and the community now get secure-by-default foundations—no paywalls or lock-in. AI tools even recommend swaps for existing setups. Details: heise.de/en/news/Docker-Inc-ma #Docker #ContainerSecurity #OpenSource #Newz

:awesome:🐦‍🔥nemo™🐦‍⬛ 🇺🇦🍉nemo@mas.to
2025-12-19

Docker Inc. is now making hardened Docker images available for free! 🛡️ These minimized images reduce the attack surface and strengthen container security for all developers.

heise.de/news/Docker-Inc-macht

#Docker #ContainerSecurity #DevOps #Newz

2025-12-18

MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping?

9,000 vulns
263 critical findings
36K+ NPM packages
Outdated base images

Not fear-mongering—just data-driven reality. Read his analysis: anchore.com/blog/analyzing-the

#MCP #ContainerSecurity

2025-12-17

Docker has just announced the integration of permissioned container images (DHI), free and open source for everyone. Advantages: secure, minimal base images built on Alpine and Debian, with SBOM/SLSA Level 3, 100% CVE transparency, Apache 2.0 license. A paid tier remains for strict SLAs, FIPS/STIG, and long-term patching. A big step forward for secure-by-default containers. #Docker #ContainerSecurity #MãNguồnMở #Linux #TechNews

**Tags**: #Docker #ContainerSecurity #OpenSource #Linux #TechNews | #DockerVi #BảoMậtConta

ActiveState @activestate
2025-12-16

If containers are now the backbone of modern delivery, why are we still securing them as an afterthought? 🤔

This article walks through a bottom-up hardening process that removes unnecessary components, verifies everything from source, and gives teams a security posture that’s proactive.

🔗 : activestate.com/blog/container

2025-11-23

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: anchore.com/blog/analyzing-the

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

2025-11-21

**Last Chance! We start in ONE HOUR!** ⏳ Neil Levine and Nurit from Echo are ready to show you the proactive path to container security.
Get the playbook for eliminating vulnerabilities at the source and keep it that way.
**Join us LIVE:** go.anchore.com/anchore-and-ech
#hardenedimages #ContainerSecurity #Anchore #Echo

2025-11-20

MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping?

9,000 vulns
263 critical findings
36K+ NPM packages
Outdated base images

Not fear-mongering—just data-driven reality. Read his analysis: anchore.com/blog/analyzing-the

#MCP #ContainerSecurity

2025-11-20

🚨 **Final Call: Just 24 Hours Until Our Live Demo!** 🚨
Tomorrow, we and our friends at Echo are showing you how to quit the vulnerability patching cycle for good. If your team is buried under a backlog of container vulnerabilities, you need to see this demo on **root-cause elimination.** We'll show you the power of CVE-free base images and comprehensive SBOMs.
Don't miss "From Reactive Scanning to Proactive Security."
Register... go.anchore.com/anchore-and-ech #DevSecOps #ContainerSecurity #FinalCall

ActiveState @activestate
2025-11-19

The EU Cyber Resilience Act (CRA) is about to fundamentally change how software teams build and ship products in the EU.

We break down how teams can prepare without slowing innovation.

Link to the full guide: activestate.com/blog/eu-cyber-
