TeamTNT is launching a new campaign exploiting exposed Docker daemons to install malware and cryptominers on cloud environments. They’re leveraging Docker Hub to spread payloads, using Sliver for command-and-control, and have introduced the "Docker Gatling Gun" script to infect and manage servers en masse. This evolution marks their shift toward renting compromised systems for crypto-mining on a larger scale