Actively Exploited
Researchers have identified a significant cyber campaign known as the TeamPCP worm, which has been targeting cloud-native environments since late December 2025. This worm exploits vulnerabilities in widely used technologies, including exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers. By hijacking these services, attackers are able to create a malicious infrastructure for further exploitation. This situation is alarming as it can potentially affect numerous organizations that rely on these cloud services for their operations. Companies need to ensure their cloud environments are properly secured against such vulnerabilities to prevent unauthorized access and data breaches.
Impact: Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers
Remediation: Organizations should secure their Docker APIs and Kubernetes clusters, apply the latest security patches, and implement strict access controls to mitigate unauthorized access.