Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

The Hacker News by The Hacker News
August 12, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Aug 12, 2025Ravie LakshmananMalware / Container Security

New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident.

More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch said in a report shared with The Hacker News.

The firmware security company said it discovered a total of 35 images that ship with the backdoor. The incident once again highlights the risks faced by the software supply chain.

The XZ Utils supply chain event (CVE-2024-3094, CVSS score: 10.0) came to light in late March 2024, when Andres Freund sounded the alarm on a backdoor embedded within XZ Utils versions 5.6.0 and 5.6.1.

Cybersecurity

Further analysis of the malicious code and the broader compromise led to several startling discoveries, the first and foremost being that the backdoor could lead to unauthorized remote access and enable the execution of arbitrary payloads through SSH.

Specifically, the backdoor — placed in the liblzma.so library and used by the OpenSSH server — was designed such that it triggered when a client interacts with the infected SSH server.

By hijacking the RSA_public_decrypt function using the glibc’s IFUNC mechanism, the malicious code allowed an attacker possessing a specific private key to bypass authentication and execute root commands remotely,” Binarly explained.

The second finding was that the changes were pushed by a developer named “Jia Tan” (JiaT75), who spent almost two years contributing to the open-source project to build trust until they were given maintainer responsibilities, signaling the meticulous nature of the attack.

“This is clearly a very complex state-sponsored operation with impressive sophistication and multi-year planning,” Binary noted at the time. “Such a complex and professionally designed comprehensive implantation framework is not developed for a one-shot operation.”

The latest research from the company shows that the impact of the incident continues to send aftershocks through the open-source ecosystem even after all these months.

This includes the discovery of 12 Debian Docker images that contain one of the XZ Utils backdoor, and another set of second-order images that include the compromised Debian images.

Identity Security Risk Assessment

Binarly said it reported the base images to the Debian maintainers, who said they have “made an intentional choice to leave these artifacts available as a historical curiosity, especially given the following extremely unlikely (in containers/container image use cases) factors required for exploitation.”

However, the company pointed out that leaving publicly available Docker images that contain a potential network-reachable backdoor carries a significant security risk, despite the criteria required for successful exploitation – the need for network access to the infected device with the SSH service running.

“The xz-utils backdoor incident demonstrates that even short-lived malicious code can remain unnoticed in official container images for a long time, and that can propagate in the Docker ecosystem,” it added.

“The delay underscores how these artifacts may silently persist and propagate through CI pipelines and container ecosystems, reinforcing the critical need for continuous binary-level monitoring beyond simple version tracking.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
AI-Enhanced Competitive Intelligence Key to Secure Market Position in 2025, Says Info-Tech Research Group

AI-Enhanced Competitive Intelligence Key to Secure Market Position in 2025, Says Info-Tech Research Group

Recommended.

Google wins multimillion-pound contract to supply sovereign cloud services to Nato | Computer Weekly

Google wins multimillion-pound contract to supply sovereign cloud services to Nato | Computer Weekly

November 24, 2025
Nvidia Vera Rubin: 9 Hardware, Cloud Companies Building Out Ecosystem

Nvidia Vera Rubin: 9 Hardware, Cloud Companies Building Out Ecosystem

January 12, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio