In today’s software-driven economy, securing software supply chains
is no longer optional, it’s mission-critical. Yet enterprises often
struggle to balance developer speed and security. According to
theCUBE Research, 95% of organizations say Docker
improved their ability to identify and remediate vulnerabilities,
while 79% rate it highly effective at maintaining
compliance with security standards. Docker embeds security directly
into the developer workflow so that protection happens by default,
not as an afterthought. At the foundation are Docker
Hardened Images, which are ultra-minimal, continuously
On November 21, 2025, security researchers detected the beginning
of what would become one of the most aggressive npm supply chain
attacks to date. The Shai Hulud 2.0 campaign compromised over 25,000
GitHub repositories within 72 hours, targeting packages from major
organizations including Zapier, ENS Domains, PostHog, and
Postman. The malware’s self-propagating design created a compounding
threat that moved at container speed, not human speed. This variant
executed during npm’s preinstall phase, harvesting developer
credentials, GitHub tokens, and cloud provider secrets before
packages even finished installing. Stolen credentials
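
The excerpt above turns on one mechanism: code placed in an npm lifecycle hook (preinstall, install, postinstall, prepare) runs automatically during `npm install`, before the developer has looked at a single line of the package. The first check a practitioner wants is therefore an inventory of which installed packages declare such hooks at all. The following Go program is an added example, not code from the original post or from Docker; it scans package.json documents for lifecycle hooks and reports them. The three packages in `sampleTree` are constructed stand-ins, not real registry contents, and the map of path to file contents stands in for a walk over node_modules.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// lifecycleHooks are the npm script names that run automatically during
// `npm install`, without the developer invoking them explicitly.
var lifecycleHooks = []string{"preinstall", "install", "postinstall", "prepare"}

// Finding records one package whose package.json registers an install-time hook.
type Finding struct {
	Package string
	Hook    string
	Command string
}

// ScanPackageJSON parses a single package.json and returns every lifecycle
// hook it declares. Unparseable input is reported as an error rather than
// silently treated as clean.
func ScanPackageJSON(raw []byte) ([]Finding, error) {
	var pkg struct {
		Name    string            `json:"name"`
		Scripts map[string]string `json:"scripts"`
	}
	if err := json.Unmarshal(raw, &pkg); err != nil {
		return nil, fmt.Errorf("invalid package.json: %w", err)
	}
	var out []Finding
	for _, hook := range lifecycleHooks {
		if cmd, ok := pkg.Scripts[hook]; ok {
			out = append(out, Finding{Package: pkg.Name, Hook: hook, Command: cmd})
		}
	}
	return out, nil
}

// ScanTree runs ScanPackageJSON over a map of path -> package.json contents,
// the shape you would get from walking node_modules, and returns findings
// sorted by package name then hook name for stable output.
func ScanTree(files map[string][]byte) ([]Finding, error) {
	var all []Finding
	for path, raw := range files {
		f, err := ScanPackageJSON(raw)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", path, err)
		}
		all = append(all, f...)
	}
	sort.Slice(all, func(i, j int) bool {
		if all[i].Package != all[j].Package {
			return all[i].Package < all[j].Package
		}
		return all[i].Hook < all[j].Hook
	})
	return all, nil
}

// sampleTree is constructed input: three hypothetical packages, one with no
// hooks, one with a legitimate-looking native build step, one with a
// preinstall hook that runs an arbitrary script before install completes.
var sampleTree = map[string][]byte{
	"node_modules/plain-util/package.json":      []byte(`{"name":"plain-util","version":"1.0.0","scripts":{"test":"node test.js"}}`),
	"node_modules/native-addon/package.json":    []byte(`{"name":"native-addon","version":"2.1.0","scripts":{"install":"node-gyp rebuild"}}`),
	"node_modules/suspicious-dep/package.json":  []byte(`{"name":"suspicious-dep","version":"0.0.1","scripts":{"preinstall":"node scripts/prepare.js","postinstall":"node scripts/finish.js"}}`),
}

func main() {
	findings, err := ScanTree(sampleTree)
	if err != nil {
		fmt.Println("scan failed:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-16s %-12s %s\n", f.Package, f.Hook, f.Command)
	}
}
```

Every hit deserves a look, but a preinstall hook in a package that has no native code to build is the shape of the behaviour the excerpt describes. Installing with `npm install --ignore-scripts` (or `npm config set ignore-scripts true` in CI) stops all of these hooks from running until the inventory has been reviewed.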
On November 12-14, the Docker team was out in numbers at
JFrog SwampUP Berlin 2025. We joined
technical sessions, put on a fireside chat, and had conversations
with attendees there. We’d like to thank the folks at JFrog for
having us there and putting on such a great show! Here are our
takeaways from the event about software supply chain
security trends:
Software supply chain attacks reach unprecedented scale leveraging open source packages
An analysis of recent software supply
On November 19, 2025, the Go project published two Common
Vulnerabilities and Exposures (CVEs) affecting the widely used
golang.org/x/crypto/ssh package. While neither vulnerability
received a critical CVSS score, both presented real risks to
applications using SSH functionality in Go-based containers.
CVE-2025-58181 affects SSH
servers parsing GSSAPI authentication requests. The vulnerability
allows attackers to trigger unbounded memory consumption by
exploiting the server’s failure to validate the number of
mechanisms specified in authentication requests. CVE-2025-47914 impacts SSH Agent servers that
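
The GSSAPI finding above is an instance of a general parsing bug: a peer-supplied count is used to size an allocation before the bytes that should back it have been read. The following Go program is an added example written for this page; it is not the golang.org/x/crypto code nor its fix. It implements the wire layout a GSSAPI userauth request uses for its mechanism list (a uint32 count followed by that many SSH-string-encoded OIDs) twice: a naive parser that trusts the count, and a bounded one that checks the count against a policy limit and against the bytes actually present. `maxMechanisms` is an assumed limit for illustration, not the value chosen upstream; the hostile and benign requests in `main` are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// maxMechanisms is an illustrative policy cap on GSSAPI mechanism OIDs per
// request. It is an assumption for this example, not the upstream limit.
const maxMechanisms = 16

var (
	errTruncated         = errors.New("gssapi: message truncated")
	errTooManyMechanisms = errors.New("gssapi: mechanism count exceeds limit")
)

// readString decodes one SSH wire "string": uint32 big-endian length, then bytes.
func readString(b []byte) (val, rest []byte, err error) {
	if len(b) < 4 {
		return nil, nil, errTruncated
	}
	n := binary.BigEndian.Uint32(b)
	if uint64(len(b)-4) < uint64(n) {
		return nil, nil, errTruncated
	}
	return b[4 : 4+n], b[4+n:], nil
}

// parseMechanismsNaive trusts the peer-supplied count and reserves storage
// for it before a single OID has been read. A header claiming ~4 billion
// mechanisms makes the server commit gigabytes for a message of a few bytes.
// Do not feed this function untrusted input; it exists only to show the bug class.
func parseMechanismsNaive(b []byte) ([][]byte, error) {
	if len(b) < 4 {
		return nil, errTruncated
	}
	n := binary.BigEndian.Uint32(b)
	b = b[4:]
	mechs := make([][]byte, 0, n) // sized by the attacker, not by the input
	for i := uint32(0); i < n; i++ {
		oid, rest, err := readString(b)
		if err != nil {
			return nil, err
		}
		mechs = append(mechs, oid)
		b = rest
	}
	return mechs, nil
}

// parseMechanismsBounded validates the count twice before allocating: against
// a fixed policy limit, and against the bytes actually present (every OID
// needs at least its 4-byte length prefix), so the allocation is bounded by both.
func parseMechanismsBounded(b []byte) ([][]byte, error) {
	if len(b) < 4 {
		return nil, errTruncated
	}
	n := binary.BigEndian.Uint32(b)
	b = b[4:]
	if n > maxMechanisms {
		return nil, errTooManyMechanisms
	}
	if uint64(n)*4 > uint64(len(b)) {
		return nil, errTruncated
	}
	mechs := make([][]byte, 0, n)
	for i := uint32(0); i < n; i++ {
		oid, rest, err := readString(b)
		if err != nil {
			return nil, err
		}
		mechs = append(mechs, oid)
		b = rest
	}
	return mechs, nil
}

// putU32 appends a big-endian uint32; used by encodeMechanisms.
func putU32(out []byte, v uint32) []byte {
	var tmp [4]byte
	binary.BigEndian.PutUint32(tmp[:], v)
	return append(out, tmp[:]...)
}

// encodeMechanisms builds a mechanism list in the wire layout above (count,
// then length-prefixed OIDs). The count is taken as given so that a lying
// header can be constructed for testing.
func encodeMechanisms(count uint32, oids ...[]byte) []byte {
	out := putU32(nil, count)
	for _, o := range oids {
		out = putU32(out, uint32(len(o)))
		out = append(out, o...)
	}
	return out
}

func main() {
	// Constructed hostile header: claims 0xFFFFFFFF mechanisms, carries none.
	hostile := encodeMechanisms(0xFFFFFFFF)
	_, err := parseMechanismsBounded(hostile)
	fmt.Println("bounded parser on hostile header:", err)

	// Constructed benign request: DER-encoded Kerberos V5 and SPNEGO OIDs.
	krb5 := []byte{0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02}
	spnego := []byte{0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02}
	mechs, err := parseMechanismsBounded(encodeMechanisms(2, krb5, spnego))
	fmt.Println("bounded parser on benign request:", len(mechs), "mechanisms, err =", err)
}
```

The second check in the bounded parser (count times minimum element size must fit in the remaining input) is the one worth carrying into any length-prefixed protocol parser: it needs no tuned constant and rejects every header whose count the message cannot possibly satisfy. The fixed cap then expresses policy on top of that, for the case where the input is large enough but still unreasonable.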

When I started incorporating AI tools into my workflow, I was first
frustrated. I didn’t get the 5x or 10x gains others raved about on
social. In fact, it slowed me down. But I persisted. Partly because I
see it as my professional duty as a software engineer to be as
productive as possible, partly because I’d volunteered to be a
guinea pig in my organization. After wrestling with it for some
time, I finally got my breakthrough discovery—the way to use
More posts ...
- KubeCon EU 2024: Highlights from Paris
- Empower Your Development: Dive into Docker’s Comprehensive Learning Ecosystem
- OpenSSH and XZ/liblzma: A nation-state attack was thwarted, what did we learn?
- Building a Video Analysis and Transcription Chatbot with the GenAI Stack
- containerd vs. Docker: Understanding Their Relationship and How They Work Together
Page 2 of 24