Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbedOracleIV. “Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named ‘oracleiv_latest’ and containing Python malware compiled as an ELF executable