BlueRock RRIQ Is Now Available On AWS Marketplace For Amazon Linux 2023, and soon for Ubuntu.

A new wormable malware campaign is exploiting exposed Docker APIs to spread a self-replicating Dero cryptocurrency miner. Masquerading as nginx, it scans the internet for vulnerable hosts and propagates automatically, turning each container into a new infection source. BlueRock’s runtime guardrails stop this class of attack by blocking unauthorized binaries, container drift, and wormable lateral movement—neutralizing the threat before it can scale.

AI/ML systems are rapidly adopting Python-based tools, exposing organizations to serious security threats—particularly from insecure deserialization. Attackers now exploit pickle-based flaws across major ML frameworks like PyTorch, Keras, vLLM, and BentoML to execute remote code, steal data, or corrupt models. With zero-days on the rise and patching cycles lagging, traditional defenses fall short.

We are losing the scan-patch battle – and that has to change. Written by Bob Tinker.

On 16 April 2025, U.S. funding for MITRE’s Common Vulnerabilities and Exposures (CVE) catalog hit zero. An 11‑month rescue contract from CISA arrived at the eleventh hour, but the close call exposed a brittle single‑sponsor model. The immediate fix: two parallel efforts—the nonprofit CVE Foundation and Europe‑backed Global CVE (GCVE)—aim to decentralize governance. Meanwhile, attackers now weaponize fresh bugs in about five days, so defenders must pair CVE intel with fast, compensating‑control automation such as BlueRock’s Evidence of Vulnerability Coverage (EVC).

In an era where software supply chain attacks are increasing rapidly, organizations struggle to keep up with the growing volume of Common Vulnerabilities and Exposures (CVEs). Traditional vulnerability management is reactive and often inefficient, leaving security teams chasing endless patch cycles.

Bluerock.io was recently featured in Forbes, where we shared insights on advancing cloud security through real-time prevention. The article explores essential strategies to protect cloud environments effectively and seamlessly, aligning with our commitment to making security native to infrastructure

Carl Jung is credited as having said “The pendulum of the mind oscillates between sense and nonsense, not between right and wrong” (emphasis mine) which succinctly captures the essence of a lot of human thought, not least in cybersecurity. Pendulums are also great metaphors for human thinking because—like an idealized theoretical model of a pendulum—external forces don’t necessarily cause things to return to an equilibrium

Uncover the critical details of CVE-2024-1086, a notable Linux kernel vulnerability with far-reaching security implications.

Discover eBPF's journey as a game-changer in Linux security and observability, shaping today's digital security landscape.

CVE-2024-1086—a.k.a. Dirty Pagedirectory—is back in the news again and is an excellent demonstration of the limits of OS hardening and other “self-protection” mechanisms. It illustrates why modern runtime security can best be achieved by decoupling the method of protection from the object of protection. BlueRock achieves this separation with its groundbreaking workload protection platform.

The Pyramid of Pain has been an essential tool for defenders, but may place too much emphasis on detection and response and inadvertently marginalized prevention.