The segmentation into attack vectors is interesting. But images from individuals on something like DockerHub have always been untrusted. I expected to read here about recent compromised official DockerHub library images.
I don't see how that threat is new or now more pressing than ever. How would you even count something like `docker pull vesnpsexga/joomla` as typosquatting vs. `docker pull joomla`? It's not even close.
Users should limit there container runtime/podman/docker access to docker.io/library or use a pull-thru caching feature of their own registry to bring in stuff from hand-selected places in public registries like docker.io or quay.io to environments behind the firewall.
Looks like they updated a bunch of their landing pages. Their UI for paying users to browser buckets and computer backups hasn't changed at all. So what?
I don't see how that threat is new or now more pressing than ever. How would you even count something like `docker pull vesnpsexga/joomla` as typosquatting vs. `docker pull joomla`? It's not even close.
Users should limit there container runtime/podman/docker access to docker.io/library or use a pull-thru caching feature of their own registry to bring in stuff from hand-selected places in public registries like docker.io or quay.io to environments behind the firewall.