DevOps

One allowed SSRF, the other revealed sensitive keys One of the flaws, CVE-2025-8341, lurked in Infinity’s URL allow-list check. By slipping an ‘@’ symbol into a crafted URL, attackers could …

Cloud workloads running these tools are especially at risk. Once compromised, attackers siphon off significant computing power, resulting in unexpected cloud bills and slower application performance. Some affected Nomad clusters …

Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine …