Hackers are hijacking corporate #XWiki servers using flaw CVE-2025-24893 to install cryptominers and gain full server access. Patch now. 🔒
Read: hackread.com/hackers-hija...
#CyberSecurity #RCE #Cryptojacking #XWiki #InfoSec
Read: hackread.com/hackers-hija...
#CyberSecurity #RCE #Cryptojacking #XWiki #InfoSec
Hackers Hijack Corporate XWiki Servers for Crypto Mining
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
October 29, 2025 at 4:30 PM
Hackers are hijacking corporate #XWiki servers using flaw CVE-2025-24893 to install cryptominers and gain full server access. Patch now. 🔒
Read: hackread.com/hackers-hija...
#CyberSecurity #RCE #Cryptojacking #XWiki #InfoSec
Read: hackread.com/hackers-hija...
#CyberSecurity #RCE #Cryptojacking #XWiki #InfoSec
🚨Kong Ingress' DockerHub account was breached, and the Ingress Controller v3.4.0 image was replaced with a malicious version containing cryptojacking code.
🔗 hackread.com/malicious-ko...
#CyberSecurity #Kubernetes #SupplyChain #DockerHub
🔗 hackread.com/malicious-ko...
#CyberSecurity #Kubernetes #SupplyChain #DockerHub
Malicious Kong Ingress Controller Image Found on DockerHub
Follow us on Bluesky, Twitter (X) and Facebook at @Hackread
hackread.com
January 14, 2025 at 9:55 AM
🚨Kong Ingress' DockerHub account was breached, and the Ingress Controller v3.4.0 image was replaced with a malicious version containing cryptojacking code.
🔗 hackread.com/malicious-ko...
#CyberSecurity #Kubernetes #SupplyChain #DockerHub
🔗 hackread.com/malicious-ko...
#CyberSecurity #Kubernetes #SupplyChain #DockerHub
[April 15, 2024] Ars Technica: Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M
www.resetera.com/threads/84...
www.resetera.com/threads/84...
April 17, 2024 at 12:01 AM
[April 15, 2024] Ars Technica: Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M
www.resetera.com/threads/84...
www.resetera.com/threads/84...
クリプトジャッキングキャンペーンはNomadを含むDevOpsサーバーをターゲットにしている
Cryptojacking Campaign Targets DevOps Servers Including Nomad #InfosecurityMagazine (Jun 2)
www.infosecurity-magazine.com/news/cryptoj...
Cryptojacking Campaign Targets DevOps Servers Including Nomad #InfosecurityMagazine (Jun 2)
www.infosecurity-magazine.com/news/cryptoj...
Cryptojacking Campaign Targets DevOps Servers Including Nomad
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets
www.infosecurity-magazine.com
June 3, 2025 at 1:03 PM
クリプトジャッキングキャンペーンはNomadを含むDevOpsサーバーをターゲットにしている
Cryptojacking Campaign Targets DevOps Servers Including Nomad #InfosecurityMagazine (Jun 2)
www.infosecurity-magazine.com/news/cryptoj...
Cryptojacking Campaign Targets DevOps Servers Including Nomad #InfosecurityMagazine (Jun 2)
www.infosecurity-magazine.com/news/cryptoj...
DevOps Dilemma: Cryptojackers Turn Docker & Gitea Into Digital Goldmines!
Cryptojacking campaign exploits DevOps tools like Docker and Gitea to secretly mine cryptocurrency. Beware of JINX-0132 lurking in your misconfigured servers!
thenimblenerd.com?p=1047113
Cryptojacking campaign exploits DevOps tools like Docker and Gitea to secretly mine cryptocurrency. Beware of JINX-0132 lurking in your misconfigured servers!
thenimblenerd.com?p=1047113
DevOps Dilemma: Cryptojackers Turn Docker & Gitea Into Digital Goldmines!
In a surprising twist, cryptojackers are using DevOps tools to mine cryptocurrency, exploiting misconfigured servers like Docker and Gitea. Dubbed JINX-0132, this campaign cleverly avoids detection by using open-source tools. Time to update those server configs before your infrastructure starts working overtime for someone else's wallet!
thenimblenerd.com
June 3, 2025 at 8:57 AM
DevOps Dilemma: Cryptojackers Turn Docker & Gitea Into Digital Goldmines!
Cryptojacking campaign exploits DevOps tools like Docker and Gitea to secretly mine cryptocurrency. Beware of JINX-0132 lurking in your misconfigured servers!
thenimblenerd.com?p=1047113
Cryptojacking campaign exploits DevOps tools like Docker and Gitea to secretly mine cryptocurrency. Beware of JINX-0132 lurking in your misconfigured servers!
thenimblenerd.com?p=1047113
Crafty Cryptojackers: Mimo’s Mischief Exploits Craft CMS Flaw for Mining Mayhem
Mimo strikes again! Craft CMS flaw CVE-2025-32432 exploited for cryptojacking, proxyjacking, and more. Discover how this nimble group keeps systems on edge.
thenimblenerd.com?p=1046710
Mimo strikes again! Craft CMS flaw CVE-2025-32432 exploited for cryptojacking, proxyjacking, and more. Discover how this nimble group keeps systems on edge.
thenimblenerd.com?p=1046710
Crafty Cryptojackers: Mimo’s Mischief Exploits Craft CMS Flaw for Mining Mayhem
Craft CMS vulnerability, CVE-2025-32432, is the latest playground for the Mimo threat actor. This crafty hacker uses it to deploy a cryptocurrency miner and Mimo Loader. Seems like the only thing not patched up is their sense of humor, considering they import Python's urllib2 as "fbi."
thenimblenerd.com
May 28, 2025 at 11:57 AM
Crafty Cryptojackers: Mimo’s Mischief Exploits Craft CMS Flaw for Mining Mayhem
Mimo strikes again! Craft CMS flaw CVE-2025-32432 exploited for cryptojacking, proxyjacking, and more. Discover how this nimble group keeps systems on edge.
thenimblenerd.com?p=1046710
Mimo strikes again! Craft CMS flaw CVE-2025-32432 exploited for cryptojacking, proxyjacking, and more. Discover how this nimble group keeps systems on edge.
thenimblenerd.com?p=1046710
Ayodeji Adeniran, Kieran Human, David Mohaisen
Dissecting the Infrastructure Used in Web-based Cryptojacking: A Measurement Perspective
https://arxiv.org/abs/2408.03426
Dissecting the Infrastructure Used in Web-based Cryptojacking: A Measurement Perspective
https://arxiv.org/abs/2408.03426
August 8, 2024 at 4:01 AM
Ayodeji Adeniran, Kieran Human, David Mohaisen
Dissecting the Infrastructure Used in Web-based Cryptojacking: A Measurement Perspective
https://arxiv.org/abs/2408.03426
Dissecting the Infrastructure Used in Web-based Cryptojacking: A Measurement Perspective
https://arxiv.org/abs/2408.03426
Cryptojacking Has Gotten Out of Control via @WIRED
November 11, 2024 at 8:06 AM
Cryptojacking Has Gotten Out of Control via @WIRED
Notícia da BleepingComputer
"Homem do Nebraska se declara culpado por esquema de cryptojacking de $3,5 milhões." #bolhasec
"Homem do Nebraska se declara culpado por esquema de cryptojacking de $3,5 milhões." #bolhasec
Nebraska Man pleads guilty to $3.5 million cryptojacking scheme
A Nebraska man pleaded guilty on Thursday to operating a large-scale cryptojacking operation after being arrested and charged in April. [...]
www.bleepingcomputer.com
December 6, 2024 at 11:02 AM
Notícia da BleepingComputer
"Homem do Nebraska se declara culpado por esquema de cryptojacking de $3,5 milhões." #bolhasec
"Homem do Nebraska se declara culpado por esquema de cryptojacking de $3,5 milhões." #bolhasec
Outlaw Group Uses SSH Brute-Force To Deploy Cryptojacking Malware On Linux Servers - https://mwyr.es/I7F0TOEE #thn #infosec
Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers
Outlaw malware exploits weak SSH credentials + uses worm-like spread since 2018 + enables cryptojacking.
mwyr.es
April 2, 2025 at 10:38 PM
Outlaw Group Uses SSH Brute-Force To Deploy Cryptojacking Malware On Linux Servers - https://mwyr.es/I7F0TOEE #thn #infosec
Cryptojacking Chaos: DevOps Servers Under Siege by JINX-0132!
Cryptojacking campaign JINX-0132 exploits DevOps servers like Docker, Gitea and Nomad to mine crypto. Hackers use GitHub tools, spinning up containers smoothly!
thenimblenerd.com?p=1047073
Cryptojacking campaign JINX-0132 exploits DevOps servers like Docker, Gitea and Nomad to mine crypto. Hackers use GitHub tools, spinning up containers smoothly!
thenimblenerd.com?p=1047073
Cryptojacking Chaos: DevOps Servers Under Siege by JINX-0132!
In a hilarious twist on cryptojacking, attackers are exploiting misconfigured DevOps web servers like Docker, Gitea, and HashiCorp Nomad. Known as JINX-0132, this campaign uses GitHub tools to mine cryptocurrency, making it harder to trace. Note: Nomad's not secure-by-default, and hackers are loving it!
thenimblenerd.com
June 2, 2025 at 4:53 PM
Cryptojacking Chaos: DevOps Servers Under Siege by JINX-0132!
Cryptojacking campaign JINX-0132 exploits DevOps servers like Docker, Gitea and Nomad to mine crypto. Hackers use GitHub tools, spinning up containers smoothly!
thenimblenerd.com?p=1047073
Cryptojacking campaign JINX-0132 exploits DevOps servers like Docker, Gitea and Nomad to mine crypto. Hackers use GitHub tools, spinning up containers smoothly!
thenimblenerd.com?p=1047073
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
#Cybersecurity researchers have discovered a new #cryptojacking campaign that's targeting publicly accessible DevOps web servers!
#Crypto #CryptoNews #crimenews #NEWS #tech
thehackernews.com/2025/06/cryp...
#Cybersecurity researchers have discovered a new #cryptojacking campaign that's targeting publicly accessible DevOps web servers!
#Crypto #CryptoNews #crimenews #NEWS #tech
thehackernews.com/2025/06/cryp...
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
New JINX-0132 cryptojacking attacks hit Docker, Nomad, Gitea, and Consul servers using misconfigurations.
thehackernews.com
June 3, 2025 at 10:01 AM
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
#Cybersecurity researchers have discovered a new #cryptojacking campaign that's targeting publicly accessible DevOps web servers!
#Crypto #CryptoNews #crimenews #NEWS #tech
thehackernews.com/2025/06/cryp...
#Cybersecurity researchers have discovered a new #cryptojacking campaign that's targeting publicly accessible DevOps web servers!
#Crypto #CryptoNews #crimenews #NEWS #tech
thehackernews.com/2025/06/cryp...
Exposed Redis? Congrats — TA‑NATALSTATUS turns it into rootkit-style crypto mining: renamed ps/top, chattr +i locks, cron persistence. Lock Redis or pay the cloud bill. 🔥😈
Read the full breakdown and fixes -> blog.alphahunt.io/ta-natalstat...
#AlphaHunt #CyberSecurity #Redis #Cryptojacking
Read the full breakdown and fixes -> blog.alphahunt.io/ta-natalstat...
#AlphaHunt #CyberSecurity #Redis #Cryptojacking
TA-NATALSTATUS: Rootkit-Style Cryptojacking Dominates Exposed Redis Servers Globally
If Redis is open to the internet, assume compromise. This actor gains root with native Redis tricks, plants miners, and hides using “rootkit-style” evasion. Here’s how to spot it fast and close the…
blog.alphahunt.io
September 26, 2025 at 1:06 PM
Exposed Redis? Congrats — TA‑NATALSTATUS turns it into rootkit-style crypto mining: renamed ps/top, chattr +i locks, cron persistence. Lock Redis or pay the cloud bill. 🔥😈
Read the full breakdown and fixes -> blog.alphahunt.io/ta-natalstat...
#AlphaHunt #CyberSecurity #Redis #Cryptojacking
Read the full breakdown and fixes -> blog.alphahunt.io/ta-natalstat...
#AlphaHunt #CyberSecurity #Redis #Cryptojacking
Unlike ransomware, it doesn't steal files but slows down the system and increases energy consumption.
Cryptojacking can happen via malicious email links or infected websites that run mining scripts in browsers.
Cryptojacking can happen via malicious email links or infected websites that run mining scripts in browsers.
October 11, 2025 at 3:00 AM
Unlike ransomware, it doesn't steal files but slows down the system and increases energy consumption.
Cryptojacking can happen via malicious email links or infected websites that run mining scripts in browsers.
Cryptojacking can happen via malicious email links or infected websites that run mining scripts in browsers.
How cybercriminals make money with cryptojacking dev.to/mariocandela...
How cybercriminals make money with cryptojacking
Introduction In this article, I’ll show you how a cybercriminal makes money with...
dev.to
February 18, 2025 at 11:13 AM
How cybercriminals make money with cryptojacking dev.to/mariocandela...
Malware uses sophisticated measures to disable antivirus protections, destroy evidence of infection, and permanently infect machines with cryptocurrency-mining software: Researchers spot cryptojacking attack that disables endpoint protections arstechnica.com/security/202...
Researchers spot cryptojacking attack that disables endpoint protections
A key component: Installing known vulnerable drivers from Avast and IOBit.
arstechnica.com
May 22, 2024 at 3:13 PM
Malware uses sophisticated measures to disable antivirus protections, destroy evidence of infection, and permanently infect machines with cryptocurrency-mining software: Researchers spot cryptojacking attack that disables endpoint protections arstechnica.com/security/202...
From Cloud to Cash: “CP3O” Indicted in Multi-Million Dollar Cryptojacking Operation securityonline.info/from-cloud-t...
From Cloud to Cash: "CP3O" Indicted in Multi-Million Dollar Cryptojacking Operation
Explore the recent arrest of Charles O. Parks III for orchestrating a sophisticated cryptojacking scheme. Learn how Parks mined cryptocurrency worth over $970,000 without paying for server rentals.
securityonline.info
December 9, 2024 at 4:03 AM
From Cloud to Cash: “CP3O” Indicted in Multi-Million Dollar Cryptojacking Operation securityonline.info/from-cloud-t...
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack A widespread cryptojacking cam...
https://cybersecuritynews.com/1500-postgresql-servers-compromised/
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Event Attributes
https://cybersecuritynews.com/1500-postgresql-servers-compromised/
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Event Attributes
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack
cybersecuritynews.com
April 3, 2025 at 12:47 PM
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack A widespread cryptojacking cam...
https://cybersecuritynews.com/1500-postgresql-servers-compromised/
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Event Attributes
https://cybersecuritynews.com/1500-postgresql-servers-compromised/
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Event Attributes
Beware of Fake Error Pages That Linux and Windows Systems With Platform-Specific Malware A new wave of cryptojacking attacks is exploiting the humble 404 error page to sneak malicious binaries past...
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
Beware of Fake Error Pages That Linux and Windows Systems With Platform-Specific Malware
New Soco404 cryptojacking hides base64 malware in 404 pages, exploiting Tomcat and PostgreSQL to mine crypto across OS platforms.
cybersecuritynews.com
July 25, 2025 at 2:08 PM
Beware of Fake Error Pages That Linux and Windows Systems With Platform-Specific Malware A new wave of cryptojacking attacks is exploiting the humble 404 error page to sneak malicious binaries past...
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
#cyberf="/hashtag/Cyber" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Cyber #security/hashtag/Security" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#Security #newsef="/hashtag/News" class="hover:underline text-blue-600 dark:text-sky-400 no-card-link">#News #Threats #cyber #security #cyber #security #news
Origin | Interest | Match
DevOps Tools Targeted for Cryptojacking #appsec
DevOps Tools Targeted for Cryptojacking
DevOps Tools Targeted for Cryptojacking
0 views
Eyal Estrin
unread,
8:53 PM (29 minutes ago)
to
https://www.wiz.io/blog/jinx-0132-cryptojacking-campaign
Eyal Estrin
CISSP, CCSP, CISM, CISA, CDPSE, CCSK
Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv
Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social
Reply all
Reply to author
Forward
groups.google.com
June 3, 2025 at 4:22 AM
DevOps Tools Targeted for Cryptojacking #appsec
Researchers Spot Cryptojacking Attack That Disables Endpoint Protections
Researchers spot cryptojacking attack that disables endpoint protections
A key component: Installing known vulnerable drivers from Avast and IOBit.
arstechnica.com
May 22, 2024 at 2:41 PM
Researchers Spot Cryptojacking Attack That Disables Endpoint Protections
Nebraska Man’s $3.5M Cloud Scam: When Cryptomining Goes Seriously Wrong
Nebraska man CP3O pleads guilty to cryptojacking, dodging a $3.5M bill. He mined $970K crypto, now faces 20 years. Crime doesn't pay, but it sure can bill!
https://buff.ly/41kGhl2
Nebraska man CP3O pleads guilty to cryptojacking, dodging a $3.5M bill. He mined $970K crypto, now faces 20 years. Crime doesn't pay, but it sure can bill!
https://buff.ly/41kGhl2
Nebraska Man’s $3.5M Cloud Scam: When Cryptomining Goes Seriously Wrong
Nebraska's own Charles O. Parks III, aka CP3O, has pled guilty to cryptojacking, mining $970,000 in cryptocurrency while stiffing cloud providers on a $3.5 million tab. Using fake companies like "MultiMillionaire LLC," he tricked providers into giving him VIP access, proving crime pays until the bill comes due.
buff.ly
December 6, 2024 at 12:37 AM
Nebraska Man’s $3.5M Cloud Scam: When Cryptomining Goes Seriously Wrong
Nebraska man CP3O pleads guilty to cryptojacking, dodging a $3.5M bill. He mined $970K crypto, now faces 20 years. Crime doesn't pay, but it sure can bill!
https://buff.ly/41kGhl2
Nebraska man CP3O pleads guilty to cryptojacking, dodging a $3.5M bill. He mined $970K crypto, now faces 20 years. Crime doesn't pay, but it sure can bill!
https://buff.ly/41kGhl2
##Italian ##Businesses Hit by Weaponized ##USBs Spreading Cryptojacking ##Malware
https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html
https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html
January 31, 2024 at 2:53 PM
##Italian ##Businesses Hit by Weaponized ##USBs Spreading Cryptojacking ##Malware
https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html
https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html