Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.
The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed
