Three serious vulnerabilities in the runC container runtime could allow attackers to bypass isolation and gain root access to the host system. The flaws affect multiple versions of runC, with potential exploits requiring the ability to configure custom mounts. While no active exploitation has been reported, developers recommend using mitigations like user namespaces and rootless containers.

This article outlines a series of ten hands-on labs focused on Model Context Protocol (MCP) vulnerabilities, each based on real-world exploits. It provides both vulnerable and secure implementations, allowing users to reproduce attacks and understand mitigation strategies in a practical setting. Comprehensive instructions and proof captures accompany each challenge.

Hard-coded secrets in Docker images pose significant security risks, as they can be inadvertently leaked and exploited by attackers. A recent analysis of 15 million Docker images on DockerHub revealed over 100,000 valid secrets, many of which date back years, highlighting the need for organizations to regularly audit their Docker images to prevent potential breaches.

Echo offers CVE-free base images for Dockerfiles that are automatically patched and hardened, ensuring that enterprises can quickly reduce their vulnerability counts to zero. Their solution is designed for long-term support, making cloud security management more efficient and attractive.

The article discusses a critical vulnerability in the GitHub Model Context Protocol (MCP) integration that allows attackers to exploit AI assistants through prompt injection attacks. By creating malicious GitHub issues, attackers can hijack AI agents to access private repositories and exfiltrate sensitive data, highlighting the inadequacy of traditional security measures and the need for advanced protections like Docker's MCP Toolkit.