The state of DevSecOps, MCP risks, and raiding Redis

Welcome to the May 2025 edition of the Datadog Security Digest!


This month, we've got another rich crop of stories across the security landscape—including insights into real-world security practices from our State of DevSecOps report, research into the new hot topic of MCP servers, and diverse vulnerabilities, such as DMARC spoofing and attackers targeting Redis servers.


This month's newsletter was curated by Rory McCune.

State of DevSecOps

Datadog's State of DevSecOps report highlights some of the key risks facing development teams today, showing that choice of programming language and approach to development and release management can significantly affect your security posture. We also shared some key learnings from the report to help companies improve their security.

AI and LLM security

The rise of MCP servers brings new security concerns

MCP servers have seen very rapid growth, with many commercial organizations and open source projects adding MCP servers to their offerings to allow for easier integration with LLM tools like Claude Desktop. However, alongside these developments comes increasing awareness of the security risks of MCP servers. Trail of Bits' research team has been looking at some of the potential pitfalls in adopting MCP servers, with blog posts covering command execution, theft of conversation history, how to hide malicious instructions, and insecure credential storage.

Unexpected behavior in Snowflake’s Cortex AI

This post from Cyera highlights another challenge in adopting AI-based tooling. Their research identified an access control issue in Snowflake's Cortex AI product, which allowed the researchers to gain access to sensitive information. While confused deputy–style security vulnerabilities aren't new, it's important to recognize they still exist in modern AI tooling.

How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed

AI tools are also seeing increasing use in the offensive security world. With tools that are good at understanding complex codebases and writing new code, the barriers to things like exploit development are lowered. This post walks through the process of creating a functional proof-of-concept exploit for a new CVE in the SSH protocol.

Container security

Kubectl-r[ex]ec: A kubectl plugin for auditing kubectl exec commands

Auditing and tracking activity in Kubernetes clusters is an important part of maintaining security, and "kubectl exec" has traditionally been a blind spot because the commands run through it aren't logged by default.

Adyen have created a plugin for kubectl to help address this by adding logging to kubectl exec commands.

The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluster

Some of Microsoft's security researchers took a look at how Helm chart security defaults might lead to vulnerabilities creeping into Kubernetes clusters. They found a number of unsafe defaults in popular Helm charts and have some recommendations on how to avoid security breaches caused by them.

Supply chain security

Sansec has uncovered a coordinated supply chain attack affecting multiple Magento extensions, with backdoors embedded in popular components from vendors including Tigren, Magesolution (MGS), Meetanshi, and potentially Weltpixel. The malicious code, introduced as early as 2019, remained dormant until recently, when attackers began exploiting it to gain control over ecommerce servers.

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents

Praetorian's recent research uncovered vulnerabilities within Node.js's CI/CD pipeline, specifically targeting the integration between GitHub Actions and Jenkins agents. By exploiting race conditions and manipulating Git commit timestamps, attackers could bypass review checks, leading to potential remote code execution on Jenkins agents and unauthorized code merges into the main branch. This highlights the complexities and security challenges inherent in multi-platform CI/CD environments.

Threat detection and incident response

RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale

Datadog's security research team identified a cryptojacking attack that targets exposed Redis instances to drop obfuscated malware onto Linux hosts, which is then used to mine cryptocurrency.

Google Spoofed Via DKIM Replay Attack: A Technical Breakdown

EasyDMARC detailed an interesting phishing campaign that leverages a DKIM replay attack to spoof legitimate Google emails. The attackers resent emails carrying valid DKIM signatures, which allowed the messages to pass DKIM and DMARC checks. The phishing email also made use of a Google Sites page built to resemble an official support portal, adding authenticity to the attack.

io_uring Is Back, This Time as a Rootkit

ARMO researchers have identified a potentially significant blind spot in Linux runtime security tools stemming from the io_uring interface, an asynchronous I/O mechanism introduced in Linux 5.1. Unlike traditional system calls, io_uring enables user applications to perform various actions without invoking syscalls, rendering many security tools that rely on syscall monitoring ineffective against rootkits that use this interface.

How I made $64k from deleted files — a bug bounty story

Security researcher Sharon Brizinov developed an automated system to scan tens of thousands of public GitHub repositories for sensitive data lingering in deleted files. By restoring removed files, unpacking .pack files, and analyzing dangling Git objects, he uncovered API keys, tokens, and credentials that developers might have assumed were erased. This method capitalized on Git's immutable history, which retains data unless explicitly purged.

Community events and talks

At BSides San Francisco, Datadog's Kennedy Toomey took an in-depth look at how application tracing works and how it can help with security. The slides are available here.