Tag: kubernetes
-
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
-
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
-
Sysdig celebrates Falco's 10th anniversary with a US$70,000 donation
Sysdig announced that, as part of the Linux Foundation's crowdfunding initiative, it is donating US$70,000 to the Falco project. The donation marks Falco's 10th anniversary and comes shortly after a survey by the Cloud Native Computing Foundation (CNCF) showing that 82 percent of AI workloads are now on Kubernetes…
-
NVIDIA puts GPU orchestration in community hands
GPU-accelerated AI workloads now run on Kubernetes in the large majority of enterprise environments. Managing those workloads at scale has required specialized tooling that, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/nvidia-kubernetes-gpu-driver-community/
-
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper
CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backdoor infrastructure seen in the earlier Trivy and NPM CanisterWorm incidents. However, it now adds selective destruction…
-
When AI meets Kubernetes: Sysdig celebrates 10 years of Falco
This anniversary announcement shows one thing above all: open source thrives on commitment and on companies that are willing to take responsibility for the technologies. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-ki-auf-kubernetes-trifft-sysdig-feiert-10-jahre-falco/a44262/
-
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload. First seen on hackread.com Jump to article: hackread.com/canisterworm-kubernetes-clusters-kamikaze-wiper/
-
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/teampcp-deploys-iran-targeted-wiper-in-kubernetes-attacks/
-
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. “New image tags 0.69.5 and…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability
Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets. The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
When Do We Actually Need a Kubernetes Platform Team?
Tags: kubernetes
Many teams start by running Kubernetes with a few enthusiastic engineers and some shared clusters. As those clusters become critical to your operations, you eventually have to decide when you actually need a dedicated Kubernetes platform team instead of ad-hoc ownership. This post explains what a Kubernetes platform team does, the signs your…
-
Delinea’s StrongDM Acquisition Highlights the Changing Role of PAM
StrongDM, which injects ephemeral, real-time credentials into developer workflows, will enable Delinea to offer privilege access management across cloud, SaaS, Kubernetes, and database environments. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/delinea-strongdm-acquisition-highlights-changing-role-pam
-
Codenotary Trust delivers autonomous AI security for Linux and Kubernetes
Codenotary has announced Codenotary Trust, a unified SaaS platform that uses AI to instantly detect, prioritize, and autonomously fix security, configuration, and performance … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/05/codenotary-trust-saas-platform/
-
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
Suspected DPRK-linked threat actors have been observed compromising cryptocurrency firms through a coordinated campaign that blends web-app exploitation, cloud abuse, and secrets theft to position for large-scale digital asset theft. The intrusions show a full kill chain from initial access via the React2Shell vulnerability (CVE-2025-55182) to deep AWS and Kubernetes reconnaissance and exfiltration of proprietary…
-
VoidLink Malware Framework Targets Kubernetes and AI Workloads in New Cyber Attack Wave
VoidLink marks a turning point in how adversaries target Kubernetes and AI workloads, signaling a shift toward cloud-native, AI-aware malware frameworks that live where modern value is created: inside containers, pods, and GPU clusters.research. It fingerprints its surroundings to detect major clouds such as AWS, GCP, Azure, Alibaba, and Tencent, and distinguishes whether it is…
-
How to Move from Clusters that Mostly Work to Production-Ready EKS
Kubernetes on Amazon Elastic Kubernetes Service (EKS) is powerful, but it is not simple. Many teams I talk to are stuck somewhere between “we are only 2 versions behind” and “I’m terrified to touch anything.” The Fairwinds Amazon EKS Infrastructure Design Assessment exists to close that gap and give you production-ready Kubernetes infrastructure…
-
Is It Time to Take the Leap Migrate from Heroku to Kubernetes?
Salesforce recently announced that it’s ending sales of new Heroku Enterprise contracts and shifting the service into more of a sustaining, maintenance-focused posture. While it’s not an immediate wind-down, it’s a clear signal that Heroku’s long-term roadmap is narrowing for many enterprise customers. For teams still relying on Heroku for business-critical workloads, that…
-
TeamPCP Turns Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
Tags: api, attack, cloud, cyber, cybercrime, data-breach, docker, group, infrastructure, kubernetes, malware, threat, vulnerability
TeamPCP, operating under aliases including PCPcat, ShellForce, and DeadCatx3, emerged in late 2025 as a cloud-native cybercrime operation that transforms misconfigured infrastructure into automated attack platforms. Unlike traditional malware groups, this threat actor doesn’t break into systems; they walk through doors left open by exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell-vulnerable…
-
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Tags: api, cloud, cybersecurity, data-breach, docker, exploit, infrastructure, kubernetes, malicious, worm
Cybersecurity researchers have called attention to a “massive campaign” that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as “worm-driven,” leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed First seen on thehackernews.com Jump…
-
Four new vulnerabilities found in Ingress NGINX
Tags: access, api, authentication, container, cve, cybersecurity, data, exploit, group, injection, jobs, kubernetes, malicious, risk, service, strategy, vulnerability
custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the auth-url annotation may be accessed even when authentication fails. CVE-2026-24512 is a configuration injection vulnerability where the rules.http.paths.path Ingress field can be used to inject configuration into nginx.…
-
Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes
An ingress-nginx flaw could allow code execution and access to Kubernetes Secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ingress-nginx-vulnerability-enables-code-execution-in-kubernetes/
-
Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tags: access, ai, application-security, attack, backdoor, ciso, cloud, credentials, cyber, github, Hardware, identity, infrastructure, kritis, kubernetes, malicious, network, nis-2, programming, risk, rust, sbom, software, strategy, supply-chain, threat, tool, vulnerability, worm
The polyglot supply chain attack: The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos. This happens as follows: A…
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerability
systemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO. A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…

