Cybersecurity researchers have called attention to a „massive campaign“ that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.
The activity, observed around December 25, 2025, and described as „worm-driven,“ leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed
https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html