Thinking of Crypto-Mining on Your Selenium Grid? Review These Considerations

Hacker News reported a hacker campaign targeting older versions of Selenium (3.141.59 and prior). The attack allows malicious users to run XMRig crypto-miners on in-house Selenium grids, potentially leading to significant charges on cloud accounts if undetected. Security firm Wiz discovered the vulnerability affecting more than 30,000 instances of Selenium. Upgrading to the latest version and ensuring proper firewall configurations are recommended remedies. Sauce Labs customers are not exposed to this issue as they must authenticate to the platform, which prevents unauthorized access.