Aqua Research Team

Team Nautilus focuses on cybersecurity research of the cloud native stack. Its mission is to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure — enabling new methods and tools to address them.

SECURITY RESEARCH
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
Security Threat
What if the biggest risk to your cloud environment wasn’t a misconfiguration you made, but one baked into the defaults? Our research uncovered security concerns in the deployment of resources within a few AWS services, specifically in the default AWS service roles. These roles, often created automatically or recommended during setup, grant overly broad permissions, …
Read more
SECURITY RESEARCH
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
News headlines reported that it took just 30 hours for attackers to exploit a newly discovered vulnerability in Apache Tomcat servers. But what does this mean for workloads relying on Tomcat? Aqua Nautilus researchers discovered a new attack campaign targeting Apache Tomcat. In this blog, we shed light on newly discovered malware that targets Tomcat …
Read more
Get Security Threat Alerts
SECURITY RESEARCH
Stopping Sobolan Malware with Aqua Runtime Protection  
Aqua Nautilus researchers have discovered a new attack campaign targeting interactive computing environments such as Jupyter Notebooks. The attack consists of multiple stages, beginning with the download of a compressed file from a remote server. Once executed, the attacker deploys several malicious tools to exploit the server and establish persistence. This campaign poses a significant …
Read more
SECURITY RESEARCH
OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines
Security Threat
Implementing Kubernetes securely can be a daunting task. Fortunately, there are tools in the K8s toolshed that provide out-of-the-box solutions using a single click. One such tools is OPA Gatekeeper. It is a great out-of-the-box security checkpoint to enforce security policies on Kubernetes. But are users using it correctly? Do they understand its limitations? Our …
Read more
SECURITY RESEARCH
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
Security Threat
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution.  We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.   
Read more
SECURITY RESEARCH
Matrix Unleashes A New Widespread DDoS Campaign
Security Threat
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals.   
Read more
SECURITY RESEARCH
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
Security Threat
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming …
Read more
SECURITY RESEARCH
TeamTNT’s Docker Gatling Gun Campaign
Security Threat
Long time no see, Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver malware, a …
Read more
SECURITY RESEARCH
AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
Security Threat
In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services.  The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, …
Read more
SECURITY RESEARCH
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Security Threat
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk. In fact, …
Read more
More Security Alerts
Targeting containers, Kubernetes, serverless, and public cloud
Read More
Unveil the World of Kinsing Malware
Our Aqua Nautilus team's relentless pursuit of understanding cybersecurity threats led to a deep dive deep into the world of Kinsing. Our latest report, meticulously curated by our research team, offers unparalleled insights into Kinsing operations, unveiling new discoveries and providing crucial strategies for security teams to mitigate associated risks effectively.
Download the Full Report

Additional Resources

Research and Reports
Cloud Native Threat Report: Attacks in the Wild on the Container Supply Chain and Infrastructure  
Get the Threat Report
Research and Reports
2023 Aqua Nautilus Research: A Comprehensive Cloud Native Threat Report
Get the Full Report
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links