Aquasec

OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines

OPA Gatekeeper is an essential tool that provides out-of-the-box security policies for Kubernetes, but Aqua Security’s research highlights critical flaws that may allow attackers to evade restrictions.

300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks

Researchers found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.
October 28, 2024

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The TeamTNT cryptojacking group is preparing for a new large-scale campaign targeting cloud-native environments to mine cryptocurrencies and rent out breached servers to third parties.

New Linux Malware "Hadooken" Targets Oracle WebLogic Applications

A new Linux malware named Hadooken is targeting Oracle WebLogic servers, dropping Tsunami malware and deploying a cryptominer. WebLogic servers are vulnerable to cyberattacks due to flaws like deserialization and weak access controls.

PG_MEM Malware Targets PostgreSQL Databases for Crypto Mining

Cryptojacking attackers are targeting poorly secured PostgreSQL databases on Linux systems. According to Aqua Security researchers, the attack begins with brute-force attempts to gain access to the database credentials.

New Discord DDoS Campaign Called Panamorfi Targets Vulnerable Jupyter Notebooks

Hackers are targeting misconfigured Jupyter Notebooks using a repurposed Minecraft DDoS tool known as mineping. The attack, dubbed Panamorfi, involves utilizing a Java tool to launch a TCP flood DDoS attack against vulnerable Jupyter Notebooks.

Kubernetes Exposed: Exploiting the Kubelet API

Real-world attacks have been observed where attackers target the Kubelet API to steal secrets and gain control over clusters. Various techniques, such as environment discovery, network scanning, and secrets collection, have been utilized by hackers.

Phantom Secrets: Undetected Secrets Expose Major Corporations

Major secrets, including cloud environment credentials, internal infrastructures, and telemetry platforms, have been found exposed on the internet due to Git-based processes and the behavior of Source Code Management (SCM) platforms.

Muhstik Malware Targets Message Queuing Services Applications

A remote code execution vulnerability, CVE-2023-33246, was discovered for RocketMQ versions 5.1.0 and below, allowing attackers to execute commands within the system using the update configuration function.

The Hidden Dangers Within Ubuntu's Package Suggestion System

The interaction between Ubuntu’s command-not-found package and the snap package repository poses a significant security risk, potentially leading to the recommendation of malicious packages to users.
