https://www.aquasec.com/category/research/ Cloud Native Security, Container Security & Serverless Security Tue, 09 Dec 2025 17:26:11 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://www.aquasec.com/blog/critical-cve-in-react-server-components-actively-exploited/ Tue, 09 Dec 2025 17:30:47 +0000 https://www.aquasec.com/?p=27227 A newly disclosed vulnerability in React Server Components (RSC) dubbed as CVE-2025-55182, and also known as React2Shell, has introduced a severe remote code execution (RCE) vector impacting applications built with React 19 and frameworks that rely heavily on RSC, most notably Next.js. The flaw received a CVSS score of 10.0, reflecting its ease of exploitation, …]]> https://www.aquasec.com/blog/kaiji-malware-anatomy-persistence-detection/ Tue, 14 Oct 2025 11:55:48 +0000 https://www.aquasec.com/?p=26744 Kaiji malware has emerged as a significant threat in recent years, particularly targeting Linux-based servers and IoT devices. This malware is designed to exploit internet connected services and devices to gain unauthorized access to systems. Once inside, Kaiji establishes persistence through various techniques, including creating system services and modifying system configurations. Its primary objectives are …]]> https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/ Thu, 24 Jul 2025 12:03:04 +0000 https://www.aquasec.com/?p=26069 The line between human and machine-generated threats is starting to blur. Aqua Nautilus recently uncovered a malware campaign that hints at this unsettling shift. Koske, a sophisticated Linux threat, shows clear signs of AI-assisted development, likely with help from a large language model. With modular payloads, evasive rootkits, and delivery through weaponized image files, Koske …]]> https://www.aquasec.com/blog/shadow-roles-aws-defaults-lead-to-service-takeover/ Tue, 29 Apr 2025 15:50:31 +0000 https://www.aquasec.com/?p=25312 What if the biggest risk to your cloud environment wasn’t a misconfiguration you made, but one baked into the defaults? Our research uncovered security concerns in the deployment of resources within a few AWS services, specifically in the default AWS service roles. These roles, often created automatically or recommended during setup, grant overly broad permissions, …]]> https://www.aquasec.com/blog/new-campaign-against-apache-tomcat/ Wed, 02 Apr 2025 12:00:28 +0000 https://www.aquasec.com/?p=25090 News headlines reported that it took just 30 hours for attackers to exploit a newly discovered vulnerability in Apache Tomcat servers. But what does this mean for workloads relying on Tomcat? Aqua Nautilus researchers discovered a new attack campaign targeting Apache Tomcat. In this blog, we shed light on newly discovered malware that targets Tomcat …]]> https://www.aquasec.com/blog/stopping-sobolan-with-aqua-runtime-protection/ Mon, 10 Mar 2025 11:48:27 +0000 https://www.aquasec.com/?p=24801 Aqua Nautilus researchers have discovered a new attack campaign targeting interactive computing environments such as Jupyter Notebooks. The attack consists of multiple stages, beginning with the download of a compressed file from a remote server. Once executed, the attacker deploys several malicious tools to exploit the server and establish persistence. This campaign poses a significant …]]> https://www.aquasec.com/blog/risks-misconfigured-kubernetes-policy-engines-opa-gatekeeper/ Mon, 03 Feb 2025 13:55:50 +0000 https://www.aquasec.com/?p=24364 Implementing Kubernetes securely can be a daunting task. Fortunately, there are tools in the K8s toolshed that provide out-of-the-box solutions using a single click. One such tools is OPA Gatekeeper. It is a great out-of-the-box security checkpoint to enforce security policies on Kubernetes. But are users using it correctly? Do they understand its limitations? Our …]]> https://www.aquasec.com/blog/300000-prometheus-servers-and-exporters-exposed-to-dos-attacks/ Thu, 12 Dec 2024 04:46:45 +0000 https://www.aquasec.com/?p=23809 In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution.  We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.    Additionally, we …]]> https://www.aquasec.com/blog/matrix-unleashes-a-new-widespread-ddos-campaign/ Tue, 26 Nov 2024 03:51:18 +0000 https://www.aquasec.com/?p=23676 Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals.    This campaign highlights how accessible tools and minimal technical knowledge can enable large-scale cyberattacks. Matrix demonstrates a …]]> https://www.aquasec.com/blog/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming/ Tue, 19 Nov 2024 04:51:16 +0000 https://www.aquasec.com/?p=23588 To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming …]]>