Sysdig Threat Research

Discovering the latest attacks and providing defensive measures to keep organizations safe

LATEST CVE NEWS

Detect and mitigate CVE-2024-12084

Detect and remediate RCE exploits in CUPS vulnerabilities

Detect Leaky Vessels exploitation in Docker and Kubernetes

Featured novel threats

Research at Sysdig is rooted in two core disciplines — security research and threat detection and response — to identify and stop the most critical and novel cloud-native threats in their tracks.

EMERALDWHALE

How an operation leveraged Terraform, Kubernetes, and AWS to steal data

The latest threat research

Showing 10-18 of 105

right-facing arrow illustration with text overlay that reads, AWS Compromised Key Quarantine

Threat Research

AWS Launches Improvements for Key Quarantine Policy

Threat Research

Detecting and Mitigating Remote Code Execution Exploits in CUPS

Cloud Security, Threat Research

The Growing Dangers of LLMjacking: Evolving Tactics and Evading Sanctions

Group shot of four men with text overlay that reads, The Sysdig Threat Research Team is on a mission. Secure innovation at cloud speeds.

Threat Research, Cloud Security

Sysdig Threat Research Team – Black Hat 2024

Threat Research, Cloud Security

CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools

Threat Research, Cloud Security

DDoS-as-a-Service: The Rebirth Botnet

Threat Research, Cloud Security

LLMjacking: Stolen Cloud Credentials Used in New AI Attack

Threat Research

Meet the Research behind our Threat Research Team

Threat Research

Building Honeypots with vcluster and Falco: Episode II

1 2 3 4 … 12

About the team

The Sysdig Threat Research Team (TRT) are highly skilled security experts dispersed across the globe, with experience in governmental, commercial, and academic arenas. Their expertise includes offensive and defensive security operations, computer network operations, malware analysis, and beyond.

The team is well-known for introducing the 10-minute timeframe for cloud attacks, setting the 555 Benchmark for Cloud Threat Detection and Response, and uncovering novel threats like SCARLETEEL.

The industry’s most elite threat researchers
The Sysdig Threat Research Team specializes in the discovery and mitigation of the most novel cloud and container attacks.

Novel threats discovered since 2022

500

Detection rules created

Reports published on vulns, detections, and mitigation techniques

Threat Research Reports

reports

2023 Global Cloud Threat Report

reports

2022 Cloud-Native Threat Report

Cloud-Native Usage Reports

reports

Sysdig 2025 Cloud-Native Security and Usage Report

reports

Sysdig 2024 Cloud-Native Security and Usage Report

reports

2023 Cloud Native Security and Usage Report

reports

Sysdig Threat Research

The 2025 Cloud-Native Security and Usage Report

Featured novel threats

15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files

Inside the operations of a rising threat actor exploiting OSS tools

Stolen cloud credentials were used to target 10 cloud-hosted LLMs

How an operation leveraged Terraform, Kubernetes, and AWS to steal data

The latest threat research

AWS Launches Improvements for Key Quarantine Policy

Detecting and Mitigating Remote Code Execution Exploits in CUPS

The Growing Dangers of LLMjacking: Evolving Tactics and Evading Sanctions

Sysdig Threat Research Team – Black Hat 2024