cryptomining
Safeguard articles tagged "cryptomining" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Inside the Qinglong Scheduler RCE: How Two Auth Bugs Became a Cryptomining Campaign
Two chainable auth-bypass bugs in the Qinglong task scheduler let attackers skip login entirely and mine crypto on victim CPUs — in the wild before a patch existed.
How task-scheduler RCEs become cryptomining botnets
Two chained Apache Airflow CVEs and a Rundeck YAML deserialization bug show how scheduler tools turn one flaw into unauthenticated RCE and persistent mining.
Jenkins Stapler Unauthenticated RCE Mass-Exploited for Cr...
CVE-2018-1000861 let attackers hit Jenkins Stapler unauthenticated, planting cryptomining malware on exposed CI/CD build servers across the internet.
Sonatype Nexus Repository Unauthenticated RCE via REST AP...
A deep dive into CVE-2019-7238, the unauthenticated RCE in Sonatype Nexus Repository Manager 3 that fueled cryptomining campaigns worldwide.
Docker Hub Malicious Images and Cryptomining Campaigns
Researchers found that millions of Docker Hub pulls go to images containing cryptominers, backdoors, and other malware. Here's how to protect your container pipeline.