Aqua Research Team

Team Nautilus focuses on cybersecurity research of the cloud native stack. Its mission is to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure — enabling new methods and tools to address them.

SECURITY RESEARCH
OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines
Security Threat
Implementing Kubernetes securely can be a daunting task. Fortunately, there are tools in the K8s toolshed that provide out-of-the-box solutions using a single click. One such tools is OPA Gatekeeper. It is a great out-of-the-box security checkpoint to enforce security policies on Kubernetes. But are users using it correctly? Do they understand its limitations? Our …
Read more
SECURITY RESEARCH
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
Security Threat
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution.  We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.   
Read more
Get Security Threat Alerts
SECURITY RESEARCH
Matrix Unleashes A New Widespread DDoS Campaign
Security Threat
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals.   
Read more
SECURITY RESEARCH
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
Security Threat
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming …
Read more
SECURITY RESEARCH
TeamTNT’s Docker Gatling Gun Campaign
Security Threat
Long time no see, Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver malware, a …
Read more
SECURITY RESEARCH
AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
Security Threat
In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services.  The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, …
Read more
SECURITY RESEARCH
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Security Threat
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk. In fact, …
Read more
SECURITY RESEARCH
CUPS: A Critical 9.9 Linux Vulnerability Reviewed
Security Threat
In the past couple of days there has been many troubling publications and discussions about a mysterious critical Linux vulnerability allowing remote code execution. While this headline is very alarming, after diving into details there are many preconditions that cool down the level of alertness. Aqua Security researchers have looked into the content that was …
Read more
SECURITY RESEARCH
Sink or Swim: Tackling 2024’s Record-Breaking Vulnerability Wave
28,821 — that’s the number of vulnerabilities reported last year alone. With over 28,000 CVEs this year so far, 2024 is on track to set an even more troubling record. As cloud native technologies have become the backbone of modern IT infrastructure, these staggering figures highlight a growing and urgent threat. In this blog, we’ll …
Read more
SECURITY RESEARCH
Hadooken Malware Targets Weblogic Applications
Aqua Nautilus researchers identified a new Linux malware targeting Weblogic servers. The main payload calls itself Hadooken which we think is referring to the attack “surge fist” in the Street Fighter series. When Hadooken is executed, it drops a Tsunami malware and deploys a cryptominer. In this blog, we explain the malware, its components, and …
Read more
More Security Alerts
Targeting containers, Kubernetes, serverless, and public cloud
Read More
Unveil the World of Kinsing Malware
Our Aqua Nautilus team's relentless pursuit of understanding cybersecurity threats led to a deep dive deep into the world of Kinsing. Our latest report, meticulously curated by our research team, offers unparalleled insights into Kinsing operations, unveiling new discoveries and providing crucial strategies for security teams to mitigate associated risks effectively.
Download the Full Report

Additional Resources

Research and Reports
2020 Threat Report: Attacks in the Wild on Container Infrastructure
Get the Full Report
Research and Reports
Cloud Native Threat Report: Attacks in the Wild on the Container Supply Chain and Infrastructure  
Get the Threat Report
Research and Reports
2023 Aqua Nautilus Research: A Comprehensive Cloud Native Threat Report
Get the Full Report
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links