#Docker

2 articles

36 Malicious npm Packages Disguised as Strapi Plugins Target the Guardarian Ecosystem

Researchers discovered 36 npm packages posing as legitimate Strapi CMS plugins. In 13 hours of rapid evolution, 8 payload variants were deployed: Redis RCE, Docker escape, credential theft, and a persistent implant targeting the Guardarian fintech ecosystem.

April 7, 2026

Vulnerabilities 5 min read

CVE-2026-34040: Authorization Plugin Bypass in Docker Engine

CVE-2026-34040 (CVSS 8.8) allows bypassing AuthZ plugins in Docker Engine. An incomplete fix for a previous maximum-severity vulnerability. Learn which versions are affected and how to protect your infrastructure.

April 7, 2026