Instead, it turns out that it's the "store model" (Docker Hub in this case) and malware injection into that store that the article is really talking about.
The article also seems to talk about misconfigured systems permitting some level of admin access to everyone. That's not really a new "container" class of vulnerability though; it's the equivalent of leaving root ssh open with a weak password or similar.
People are leaving kubernetes/docker/whatever open to the world, and attackers are instructing their servers to download and run these containers.
The complaint is that Docker Hub is hosting the attack code for the attackers. They could have hosted it on their own custom registry server if they wanted. (But why bother if you can just host it on Docker Hub.) In the same vein, they could use GitHub to host their attack code. Or they could put in in an S3 bucket...