
Actively exploited Jenkins server security flaw (CVE-2024-23897)

Vulnerability
First reported
Last updated
Happening score
H score 20
1 unique source, 1 article

Summary


In an AWS-hosted environment, CVE-2024-23897 on an exposed Jenkins server was used as the initial foothold, creating an intrusion path that led to malware deployment on Kubernetes clusters. The flaw was part of an active exploitation chain rather than a theoretical exposure, so the management server itself became the pivot point for follow-on access. That foothold was then used to seed a malicious Docker Hub image, showing how one compromised control plane can enable broader cloud compromise.

Timeline

  1. 16.10.2025 17:28 · 2 articles

    LinkPro discovered in AWS-hosted compromise tied to Jenkins exploitation

    Initial Disclosure

    Synacktiv discovered LinkPro, a new GNU/Linux rootkit, during analysis of an AWS-hosted compromise that began with exploitation of an exposed Jenkins server vulnerable to CVE-2024-23897 and the deployment of a malicious Docker Hub image named "kvlnt/vv" to Kubernetes clusters. The rootkit uses eBPF modules to hide processes and network activity, can be activated by a TCP "magic packet" with window size 54321, and falls back to /etc/ld.so.preload with libld.so to conceal artifacts in user space when kernel-level hiding is unavailable. LinkPro also supports C2 command execution, /bin/bash pseudo-terminal access, shell commands, file enumeration and file operations, downloads, and SOCKS5 proxy tunneling.
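
The two indicators named in this entry (a TCP packet with window size 54321 and a libld.so entry in /etc/ld.so.preload) can be hunted for as below. This is an added example, not code from Synacktiv or the source articles; it assumes tcpdump's default one-line text output and the glibc preload file format, and all sample data and paths are constructed.

```python
import re
from pathlib import PurePosixPath

MAGIC_WINDOW = 54321        # TCP window size of the activation packet, per the entry above
PRELOAD_NAME = "libld.so"   # library name the entry ties to /etc/ld.so.preload

# Assumed input: tcpdump default text output, e.g.
#   "IP src.port > dst.port: Flags [S], seq 1, win 64240, ..., length 0"
TCPDUMP_TCP = re.compile(
    r"IP6? (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\].*?\bwin (?P<win>\d+)"
)

def find_magic_packets(lines):
    """Return (src, dst, flags) for each TCP packet whose window equals MAGIC_WINDOW."""
    hits = []
    for line in lines:
        m = TCPDUMP_TCP.search(line)
        if m and int(m.group("win")) == MAGIC_WINDOW:
            hits.append((m.group("src"), m.group("dst"), m.group("flags")))
    return hits

def audit_ld_preload(text):
    """Parse ld.so.preload content; return (all entries, entries named PRELOAD_NAME)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # assumed: '#' starts a comment, as glibc parses it
        entries += [e for e in re.split(r"[\s:]+", line) if e]
    suspicious = [e for e in entries if PurePosixPath(e).name == PRELOAD_NAME]
    return entries, suspicious

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE_CAPTURE = [
    "12:00:01.000000 IP 198.51.100.9.51514 > 10.0.0.5.443: Flags [S], seq 7, win 64240, options [mss 1460], length 0",
    "12:00:02.000000 IP 203.0.113.7.40000 > 10.0.0.5.8080: Flags [S], seq 1, win 54321, options [mss 1460], length 0",
    "12:00:03.000000 IP 198.51.100.9.51514 > 10.0.0.5.443: Flags [.], ack 1, win 543210, length 0",
    "12:00:04.000000 IP 10.0.0.5.53 > 10.0.0.2.53: 4242+ A? example.org. (29)",
]

# Constructed preload file content; both paths are hypothetical.
SAMPLE_PRELOAD = "# managed by ops\n/usr/lib/libexample_monitor.so\n/opt/example/libld.so\n"

if __name__ == "__main__":
    for src, dst, flags in find_magic_packets(SAMPLE_CAPTURE):
        print(f"magic-window packet: {src} -> {dst} flags=[{flags}]")
    entries, suspicious = audit_ld_preload(SAMPLE_PRELOAD)
    print(f"preload entries to review: {entries}")
    print(f"entries matching {PRELOAD_NAME}: {suspicious}")
```

Because the entry says LinkPro hides artifacts in user space once the preload hook is active, read /etc/ld.so.preload from a trusted vantage point (offline disk image or a statically linked tool) rather than from the suspect host's own userland.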
