Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals (Tue, 22 Apr 2025)
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace
and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain
>> Read more
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages (Tue, 22 Apr 2025)
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow
orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account,
which
>> Read more
5 Major Concerns With Employees Using The Browser (Tue, 22 Apr 2025)
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for
more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their
work.
>> Read more
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (Tue, 22 Apr 2025)
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and
redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com," Nick
Johnson
>> Read more
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach (Tue, 22 Apr 2025)
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID
signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to
>> Read more