news
Breaking Cyber News From Cyberint
Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.
- All Items
- Handala
- Business Services
- Israel
- Asia
- Data Encrypted For Impact
- Jobinfo
- Middle East
- Shelter Locations In Israel
- Saudi Games
- Retail
- Saudi Arabia
- Cyber Fattah Team
- Ben Horin & Alexandrovitz
- Zachary Levi And Sons - Construction
- Sivim It
- Government
- Kibbutz Almog
- Manufacturing
- Saban Brands Israel
- Digitalghost
- Mprest
- Evil_Byte
- The Knesset
- Gonjeshke Darande
- Nobitex
- Indonesia
- Sentap
- exclusive
- Kimia Farma
- South-Eastern Asia
- Chemicals And Allied Products
- Sweden
- Scania
- Northern Europe
- Europe
- Transportation
- Hensi
- Tbn Israel
- Media
- Weizmann Institute Of Science
- Education
- Resistancetrench
- Israeli Air Force
- Dienet
- Israel Antiquities Authority
- United States
- Cve-2025-24016
- Mirai
- North America
- CVE-2025-24016
- Wazuh
- Clayoxtymus1337
- Epsilor Electric Fuel
- Technology
- Southern Asia
- Advanced Weapons And Equipment India
- India
- More_Eggs
- Fin6
- Cryptocurrency
- Alex Lab
- Zoldyck
- United Kingdom
- Critical Infrastructures
- Edf Energy
- Match Legitimate Name Or Location
- Amos
- Disable Or Modify Tools
- Sudo And Sudo Caching
- Spearphishing Link
- Spectrum
- Ingress Tool Transfer
- Telecommunications
- Unix Shell
- Credentials In Files
- Israel Defense Forces
- Ghna
- Coca-Cola Europacific Partners
- Food And Kindred Products
- Italy
- Locauto
- Automotive
- Southern Europe
- Mercadona
- Whitecoat
- Spain
- Wow Health Solutions
- Ups
- Healthcare
- Cyprus Airways
- Rip_Real_World
- Netsupport Rat
- Tel Aviv University
- Illeak
- Desec0X
- Yashma
- Numero
- Lucky_Gh0$T
- Cyberlock
- Unc6032
- Chaos
- Deloitte
- 303
- Gucci
- Eddiestealer
- Obfuscated Files Or Information
- Phishing
- Data From Local System
- Virtualization/Sandbox Evasion
- File And Directory Discovery
- Credentials From Password Stores
- Command And Scripting Interpreter
- Input Capture
- Drive-By Compromise
- Screen Capture
- Windows Credential Manager
- Password Managers
- Credentials From Web Browsers
- Exfiltration Over C2 Channel
- User Execution
- System Information Discovery
- W_Tchdogs
- Superloop
- Australia
- Australia And New Zealand
- Resource Hijacking
- Remote System Discovery
- Network Service Discovery
- Deploy Container
- Escape To Host
- Docker
- Change Default File Association
- Lateral Tool Transfer
- Exploitation For Client Execution
- Smb/Windows Admin Shares
- Exploit Public-Facing Application
- Web Protocols
- External Remote Services
- Bitdefender
- Eastern Europe
- Romania
- Venom Rat
- Cameleon
- Financial Theft
- Vicioustrap
- Cisco
- Cve-2023-20118
- CVE-2023-20118
- Macao Special Administrative Region
- Eastern Asia
- Cve-2025-0944
- CVE-2025-0944
- Tetraloader
- Trimble
- Uat-6382
- Powershell
- Process Discovery
- China
- File Deletion
- Malicious File
- Reflective Code Loading
- Dynamic-Link Library Injection
- Obfuscated Files Or Information: Encrypted Or Encoded Data
- Silver Fox
- Valleyrat
- Masquerade Task Or Service
- Regsvr32
- Rundll32
- Scheduled Task
- Trickbot
- Bumblebee
- Warmcookie
- Danabot
- Qakbot
- Cetus
- Purehvnc
- Bytebreaker
- Viralgod
- Latin America And The Caribbean
- Telcel
- Mexico
- Peter Green Chilled
- Cellcom
-
May 28, 2025
Cryptojacking Campaign Targets Misconfigured Docker APIs
A new malware campaign has emerged, targeting misconfigured Docker API instances to create a cryptocurrency mining botnet focused on mining Dero currency. The threat actor exploits insecurely published Docker APIs to gain access to running containerized infrastructures, propagating the malware through a worm-like mechanism to infect other exposed Docker instances. The attack utilizes two main components: a propagation malware named 'nginx' that scans for vulnerable Docker APIs, and a 'cloud' Dero cryptocurrency miner. This campaign has been linked to previous cryptojacking operations and poses a significant risk to any network with insecure Docker APIs.
