Original Research
This section showcases original cybersecurity research focusing primarily on cloud-native environments. The research covers vulnerability assessments, security misconfigurations, supply chain security, and real-time threat intelligence reports documenting active attack campaigns targeting cloud-native infrastructure worldwide. Our methodology involves deploying and maintaining a global network of hundreds of honeypots to capture, analyze, and document attack patterns, malware artifacts, and adversary behaviors, generating actionable intelligence and thought leadership for the security community.
Investigate and Respond to Sobolan Malware with Aqua Security
By Assaf Morag
Learn how to analyze and mitigate Sobolan malware attacks using Aqua's security tools and incident response capabilities.
AI-Generated Malware in Panda Image Hides Persistent Linux Threat
By Assaf Morag
New research reveals how threat actors are using AI-generated malware hidden in container images to create persistent backdoors on Linux systems.
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
By Assaf Morag
Apache Tomcat servers are being actively targeted by threat actors in a new campaign that exploits misconfigurations and vulnerabilities.
Stopping Sobolan Malware with Aqua Runtime Protection
By Assaf Morag
Aqua Nautilus researchers have discovered a new attack campaign targeting interactive computing environments such as Jupyter Notebooks.
Investigate and Respond to Sobolan Malware
By Assaf Morag
Comprehensive guide on how to investigate and respond to Sobolan malware incidents using Aqua Security tools and incident response best practices.
Matrix Unleashes A New Widespread DDoS Campaign
By Assaf Morag
Threat actors are leveraging misconfigured servers to launch distributed denial-of-service attacks at an unprecedented scale.
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
By Assaf Morag
Cybercriminals are exploiting misconfigured servers to host illegal live sports streaming services, generating revenue while evading detection.
TeamTNT's Docker Gatling Gun Campaign
By Assaf Morag
The notorious TeamTNT threat group has launched a new campaign targeting Docker environments with automated attack tools.
Undetected Secrets Expose Major Corporations
By Ilay Goldman & Yakir Kadkoda
Hard-coded secrets in container images and applications are exposing Fortune 500 companies to significant security risks.
TeamTNT Reemerged with New Aggressive Cloud Campaign
By Assaf Morag
The threat group TeamTNT has returned with a new aggressive campaign targeting cloud-native infrastructure, demonstrating evolved attack techniques.
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
By Assaf Morag & Yakir Kadkoda
Millions of Kubernetes secrets are exposed through misconfigured registries, creating a massive supply chain attack vector.
2023 Nautilus Cyber Security Report - Insights Revealed
By Aqua Nautilus
Comprehensive analysis of cybersecurity threats and trends based on Aqua Nautilus research throughout 2023.
250M Artifacts Exposed via Misconfigured Registries
By Mor Weinberger & Assaf Morag
Comprehensive security research reveals that over 250 million container artifacts are exposed due to misconfigured registries, putting Fortune 500 companies at risk.
HeadCrab: A Novel State-of-the-Art Redis Malware
By Assaf Morag
Aqua Nautilus discovers a sophisticated Redis backdoor malware that has been operating undetected, compromising servers worldwide.
HeadCrab 2.0: Evolving Threat in Redis Malware Landscape
By Assaf Morag
The HeadCrab malware has evolved into version 2.0, demonstrating enhanced capabilities and more sophisticated evasion techniques in targeting Redis servers.
New Vulnerability in curl and libcurl Could Lead to Heap Buffer Overflow
By Assaf Morag
Critical vulnerability discovered in curl and libcurl that could lead to heap buffer overflow, affecting millions of applications worldwide.
pg_mem: A Malware Hidden in the Postgres Processes
By Assaf Morag
A campaign targeting internet-facing Postgres databases exploits weak passwords to deploy malware that hides within Postgres processes, evading detection mechanisms.
Kinsing Malware Exploits Novel OpenFire Vulnerability
By Assaf Morag
The Kinsing malware group is exploiting a newly discovered vulnerability in OpenFire chat servers to gain initial access and deploy cryptomining malware.
Looney Tunables Vulnerability Exploited by Kinsing
By Assaf Morag
The Kinsing malware group is actively exploiting the critical Looney Tunables vulnerability (CVE-2023-4911) to gain root privileges and establish persistent access to compromised systems.
Protect Containers from pg_mem Malware with Aqua Runtime Security
By Assaf Morag
Guidance on using Aqua Runtime Security to detect and protect against pg_mem malware that hides within Postgres processes.
GitHub Action tj-actions/changed-files Compromised
By Assaf Morag
Security alert: The popular GitHub Action tj-actions/changed-files has been compromised, potentially affecting thousands of repositories.
Panamorfi: A New Discord DDoS Campaign
By Assaf Morag
Discovery of Panamorfi, a new DDoS campaign leveraging Discord infrastructure to launch distributed denial-of-service attacks.
Aqua Nautilus Discovers Redigo - New Redis Backdoor Malware
By Aqua Nautilus
Security researchers uncover a new Redis backdoor malware variant that demonstrates advanced evasion techniques and persistence mechanisms.
Real-world Cyber Attacks Targeting Data Science Tools
By Assaf Morag
Analysis of actual cyber attacks targeting data science environments, revealing new attack vectors and mitigation strategies.
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
By Assaf Morag
Security researchers discover the first known ransomware attack specifically designed to target Jupyter Notebook environments.
300,000 Prometheus Servers and Exporters Exposed to DoS Attacks
By Assaf Morag
Security research reveals that hundreds of thousands of Prometheus servers and exporters are exposed to denial-of-service attacks due to misconfigurations.
CVE-2022-42889 Text4shell Apache Commons Vulnerability
By Assaf Morag
Critical vulnerability in Apache Commons Text (CVE-2022-42889), also known as Text4shell, allows remote code execution.
Threat Alert: Anatomy of SilentBob's Cloud Attack
By Assaf Morag
Deep dive into SilentBob's sophisticated cloud attack campaign, analyzing their tactics, techniques, and procedures for compromising cloud-native environments.
Cryptojacking Cloud Network Bandwidth
By Assaf Morag
Research reveals how threat actors are hijacking cloud network bandwidth for malicious purposes, including cryptojacking and resource abuse.
Risks of Misconfigured Kubernetes Policy Engines: OPA Gatekeeper
By Assaf Morag
Analysis of security risks associated with misconfigured Open Policy Agent (OPA) Gatekeeper in Kubernetes environments reveals potential bypass scenarios.
Tracee Rules: Detect Attackers Out of the Box
By Assaf Morag
Introduction to Tracee's out-of-the-box detection rules that help security teams identify attacker behavior in containerized environments.
Threat Alert: Exploited SSH Servers Offered in the Dark Web as Proxy Pools
By Assaf Morag
Research reveals how compromised SSH servers are being sold on dark web markets as proxy pools, enabling anonymous access and malicious activities.
The Great Escape: A Blast Radius Analysis of Container Attacks
By Assaf Morag
Analysis of real-world container attacks to determine their blast radius, revealing how attackers escape container environments to compromise underlying hosts.
Threat Alert: Supply Chain Attacks Using Container Images
By Assaf Morag
Analysis of how threat actors are leveraging container images to launch sophisticated supply chain attacks against organizations.
JDWP Misconfiguration in Container Images and K8s
By Assaf Morag
Java Debug Wire Protocol (JDWP) misconfiguration in container images exposes production environments to remote code execution risks.
Kubernetes Exposed: Exploiting the Kubelet API
By Assaf Morag
Security research demonstrates how attackers can exploit misconfigured Kubelet APIs to gain unauthorized access to Kubernetes clusters.
Advanced Persistent Threat Techniques in Container Attacks
By Assaf Morag
Analysis of how advanced persistent threat (APT) groups are adapting their techniques to target containerized environments and cloud-native infrastructure.
Container Security Alert: Campaign Abusing GitHub, DockerHub, Travis CI, Circle CI
By Assaf Morag
Threat actors are conducting a sophisticated campaign that abuses popular CI/CD platforms and code repositories to distribute malicious container images.
Kubernetes Exposed: One YAML Away from Disaster
By Assaf Morag
Research reveals how a single misconfigured YAML file can expose entire Kubernetes clusters to attackers.
Container Attacks on Redis Servers
By Assaf Morag
Analysis of attack campaigns specifically targeting Redis servers running in containerized environments reveals new attack vectors and exploitation techniques.
GitHub Repos Expose Azure and Red Hat Secrets
By Assaf Morag
Security research reveals that GitHub repositories are exposing sensitive secrets including Azure credentials and Red Hat access keys.
Container Security: TNT Container Attack
By Assaf Morag
Analysis of TeamTNT's sophisticated container attack techniques reveals their methodology and the evolving threat landscape in containerized environments.
CVE-2021-3156: Sudo Vulnerability Allows Root Privileges
By Assaf Morag
Critical vulnerability in sudo (CVE-2021-3156) allows unprivileged users to gain root access on Linux systems.
Travis CI Security: Protecting Your CI/CD Pipeline
By Assaf Morag
Security analysis of Travis CI platform reveals potential vulnerabilities and best practices for securing CI/CD pipelines.
Kubernetes UI Tools Security Threat
By Assaf Morag
Security analysis of popular Kubernetes UI tools reveals potential security risks and attack vectors that could be exploited by threat actors.
New Malware in the Cloud by TeamTNT
By Assaf Morag
The notorious TeamTNT threat group continues to evolve their malware capabilities, targeting cloud environments with new sophisticated attack techniques.
GAFGYT Malware Variant Exploits GPU Power and Cloud-Native Environments
By Assaf Morag
A new variant of the GAFGYT malware family has been discovered that specifically targets GPU resources in cloud-native environments.
Phishing as a Service to Ramp Up Supply Chain Attacks
By Assaf Morag
Threat actors are increasingly leveraging phishing-as-a-service (PhaaS) platforms to launch sophisticated supply chain attacks against organizations.
Perfctl: A Stealthy Malware Targeting Millions of Linux Servers
By Assaf Morag & Idan Revivo
Security researchers have discovered Perfctl, a sophisticated malware campaign targeting millions of Linux servers worldwide.
Leveraging Kubernetes RBAC to Backdoor Clusters
By Assaf Morag
Research reveals how attackers exploit Kubernetes RBAC (Role-Based Access Control) misconfigurations to establish persistent backdoors and maintain unauthorized access to clusters.
Malicious Container Image: Docker Container Host
By Assaf Morag
Analysis of malicious container images designed to escape containers and compromise the Docker host demonstrates container escape techniques and host-level attacks.
Hadooken Malware Targets WebLogic Applications
By Assaf Morag
Security researchers have discovered a new malware campaign specifically targeting Oracle WebLogic applications.
Threat Alert: Fileless Malware Executing in Containers
By Idan Revivo & Assaf Morag
Security researchers have identified a new type of attack where malware executes directly from memory within containers, evading common defenses and static scanning.
Threat Alert: Market-First Container Image Built to Attack Kubernetes Clusters
By Assaf Morag & Gal Singer
Discovery of the first container image specifically designed to attack Kubernetes clusters, marking a new era in cloud-native threats.