Container breakout and privilege escalation attempted when credential harvesting fails
critical | security | Updated Nov 24, 2025 (via Exa)
Technologies:
How to detect:
When credential harvesting is unsuccessful, the worm escalates by attempting container breakouts and privilege escalation to access the host system directly, expanding compromise scope beyond the container boundary.
Recommended action:
Review container security policies and runtime configurations. Audit system logs for privilege escalation attempts. Implement runtime security monitoring with tools that detect container escapes. Check container isolation settings (seccomp, AppArmor, SELinux). Review privileged container deployments. Enable kernel audit logging for privilege escalation events.
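One way to carry out the isolation-settings and privileged-container review, as an added example (not part of the original rule). It assumes Docker and reads records in the shape of `docker inspect` output; the sample records and the lists of capabilities and host mounts treated as risky are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.loads("""[
 {"Name": "/web", "AppArmorProfile": "docker-default",
  "HostConfig": {"Privileged": false, "SecurityOpt": null, "CapAdd": null,
                 "PidMode": "", "Binds": ["/srv/www:/usr/share/www:ro"]}},
 {"Name": "/ci-runner", "AppArmorProfile": "unconfined",
  "HostConfig": {"Privileged": true, "SecurityOpt": ["label=disable"],
                 "CapAdd": null, "PidMode": "host", "Binds": null}},
 {"Name": "/agent", "AppArmorProfile": "docker-default",
  "HostConfig": {"Privileged": false, "SecurityOpt": ["seccomp:unconfined"],
                 "CapAdd": ["CAP_SYS_ADMIN"], "PidMode": "",
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]""")

# Illustrative policy choices (assumptions, tune to your environment).
WEAK_OPTS = {"seccomp=unconfined", "apparmor=unconfined", "label=disable"}
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "DAC_READ_SEARCH"}
RISKY_SOURCES = {"/", "/var/run/docker.sock", "/run/docker.sock"}

def audit_container(record):
    """Return sorted isolation findings for one `docker inspect` record."""
    hc = record.get("HostConfig") or {}
    findings = set()
    if hc.get("Privileged"):
        findings.add("privileged")
    if record.get("AppArmorProfile") == "unconfined":
        findings.add("apparmor=unconfined")
    for opt in hc.get("SecurityOpt") or []:
        norm = opt.lower().replace(":", "=")  # accept legacy "key:value" form
        if norm in WEAK_OPTS:
            findings.add(norm)
    for cap in hc.get("CapAdd") or []:
        name = cap.upper().removeprefix("CAP_")
        if name in RISKY_CAPS:
            findings.add("cap_add=" + name)
    if hc.get("PidMode") == "host":
        findings.add("pid=host")
    for bind in hc.get("Binds") or []:
        source = bind.split(":", 1)[0]  # "src:dst[:opts]" -> host-side path
        if source in RISKY_SOURCES:
            findings.add("host_mount=" + source)
    return sorted(findings)

def audit(records):
    """Map container name -> findings, omitting containers with none."""
    report = {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings)}")
```

To run it against a live host, replace `SAMPLE` with the parsed JSON from `docker inspect $(docker ps -q)`.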