TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. [...]
Kubernetes is an open-source system for managing containers, where misconfigurations and vulnerabilities can expose workloads, secrets, and clusters.
Search across headline titles and summaries.
Background for this topic.
Kubernetes is an open-source platform that automates deploying, scaling, and updating containerized applications across a cluster of machines. It maintains the desired state of workloads, while its control plane assigns work to nodes and manages networking, storage, and service discovery.
Its security depends on several connected layers. The Kubernetes API is a high-value control surface: weak authentication, excessive RBAC permissions, or an exposed dashboard can allow unauthorized changes. Cluster state, including Kubernetes Secrets, is stored in etcd and should be access-controlled and encrypted at rest. Container images and deployment configurations require vulnerability review and trusted-source or admission controls; a privileged container or vulnerable node can increase the risk of escaping workload isolation. Network policies can restrict pod-to-pod communication, while version and node patching, audit logs, and tested access-revocation procedures support detection and response.
Weekly headline count for the current query.
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. [...]
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. [...]
Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. [...]
Swiss tech company Proton, which provides privacy-focused online services, says that a Thursday worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike. [...]
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. [...]
In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities. [...]
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining. [...]
The first known cryptojacking operation mining the Dero coin has been found targeting vulnerable Kubernetes container orchestrator infrastructure with exposed APIs. [...]
The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. [...]
Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. [...]
Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques. [...]
A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. [...]