New JINX-0132 cryptojacking attacks hit Docker, Nomad, Gitea, and Consul servers using misconfigurations.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

A new cryptojacking campaign called JINX-0132 targets misconfigured DevOps servers including Docker, Gitea, HashiCorp Consul, and Nomad to mine cryptocurrencies. Attackers exploit known vulnerabilities and misconfigurations, downloading tools directly from GitHub to avoid attribution. The campaign notably represents the first documented exploitation of Nomad misconfigurations in the wild, with compromised instances managing hundreds of clients worth tens of thousands of dollars monthly in computing resources.

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub