Sysdig Threat Research

Discovering the latest attacks and providing defensive measures to keep organizations safe

LATEST CVE NEWS

Bypass in Harden-Runner GitHub Action CVE-2025-32955

Secure tj-actions/changed-files Vulnerability with Falco Actions

Detecting & Mitigating IngressNightmare CVE-2025-1974

Featured novel threats

Research at Sysdig is rooted in two core disciplines — security research and threat detection and response — to identify and stop the most critical and novel cloud-native threats in their tracks.

EMERALDWHALE

How an operation leveraged Terraform, Kubernetes, and AWS to steal data

The latest threat research

Showing 46-54 of 114

Threat Research, Cloud Security, Kubernetes & Container Security

Chaos Malware Quietly Evolves Persistence and Evasion Techniques

Cloud Security, Kubernetes & Container Security, Threat Research

Bypassing Network Detection with Graftcp

Threat Research, Cloud Security

SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft

Kubernetes & Container Security, Compliance, Threat Research

OWASP Kubernetes Top 10

Threat Research, Cloud Security, Sysdig Features

8220 Gang Continues to Evolve With Each New Campaign

Cloud Security, Kubernetes & Container Security, Sysdig Features, Threat Research

How to Prevent a DDoS Attack

Threat Research, Cloud Security

CVE-2023-0210

Kubernetes & Container Security, Cloud Security, Threat Research

Exploring the New Container Checkpointing Feature

Threat Research, Cloud Security, Kubernetes & Container Security, Open Source

Discovered new BYOF technique to cryptomining with PRoot

1 … 4 5 6 7 8 … 13

About the team

The Sysdig Threat Research Team (TRT) are highly skilled security experts dispersed across the globe, with experience in governmental, commercial, and academic arenas. Their expertise includes offensive and defensive security operations, computer network operations, malware analysis, and beyond.

The team is well-known for introducing the 10-minute timeframe for cloud attacks, setting the 555 Benchmark for Cloud Threat Detection and Response, and uncovering novel threats like SCARLETEEL.

The industry’s most elite threat researchers
The Sysdig Threat Research Team specializes in the discovery and mitigation of the most novel cloud and container attacks.

Novel threats discovered since 2022

500

Detection rules created

Reports published on vulns, detections, and mitigation techniques

Threat Research Reports

reports

2023 Global Cloud Threat Report

reports

2022 Cloud-Native Threat Report

Cloud-Native Usage Reports

reports

Sysdig 2025 Cloud-Native Security and Usage Report

reports

Sysdig 2024 Cloud-Native Security and Usage Report

reports

2023 Cloud Native Security and Usage Report

reports

Sysdig Threat Research

The 2025 Cloud-Native Security and Usage Report

Featured novel threats

15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files

Inside the operations of a rising threat actor exploiting OSS tools

Stolen cloud credentials were used to target 10 cloud-hosted LLMs

How an operation leveraged Terraform, Kubernetes, and AWS to steal data

The latest threat research