New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys
Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps appeared first on Microsoft Security Blog.
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation
Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data
Patch Urgency Increases as Code to Exploit CVE-2025-1974 Vulnerability PublishedScans reveal that thousands of Kubernetes clusters' Ingress Nginx Controller software remain internet-exposed, which experts said is bad practice. More importantly, the software needs updating to fix a critical vulnerability that can be remotely exploited to seize complete control of a cluster.
Misunderstanding the permissions of an authentication group in Google Kubernetes Engine (GKE) opens millions of containers to anyone with a Google account.
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks
Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors
The first known cryptojacking operation mining the Dero coin has been found targeting vulnerable Kubernetes container orchestrator infrastructure with exposed APIs. [...]
The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. [...]
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments
Misconfiguration practices might make companies lucrative targets for threat actors
Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. [...]
Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.
While researching cloud-native tools, our Shodan scan revealed over 200,000 publicly exposed Kubernetes clusters and kubelet ports that can be abused by criminals.
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.