The malicious OracleIV image The attack observed by Cado starts with a HTTP POST request to the /images/create endpoint of the unprotected Docker API followed by parameters that pointing to an ...