Exposed Docker daemon APIs (TCP 2375/2376), unauthenticated Kubernetes API servers and dashboards, unauthenticated Ray/Anyscale dashboards, and Redis instances without authentication were systematically exploited by TeamPCP in December 2025 as part of a large-scale automated cloud-native compromise campaign. These are not software vulnerabilities with assigned CVEs but rather exploited misconfigurations that were chained with CVE-2025-55182 to convert compromised hosts into scanning relay nodes and ransomware/cryptomining infrastructure. Immediate remediation requires auditing all cloud environments for publicly reachable control plane interfaces and enforcing authentication on all affected services.
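
An added example, not part of the original advisory: a host-side audit step that parses `ss -tln` output and flags listeners on these services' ports that are bound to anything other than loopback. Only 2375/2376 come from the text above; the other ports are the services' usual defaults and are assumed, and the sample output is constructed.

```python
import ipaddress

# 2375/2376 come from the advisory; the other ports are the services' usual
# defaults and are an assumption about how they are deployed.
CONTROL_PLANE_PORTS = {
    2375: "Docker API (plaintext)",
    2376: "Docker API (TLS)",
    6443: "Kubernetes API server",
    8265: "Ray dashboard",
    6379: "Redis",
}

# Constructed sample of `ss -tln` output, not taken from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:2375       0.0.0.0:*
LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*
LISTEN 0      4096   *:6443             *:*
LISTEN 0      128    [::1]:8265         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    return host, int(port)

def is_loopback(host):
    """Wildcard binds ('*', 0.0.0.0, ::) count as non-loopback."""
    if host in ("*", ""):
        return False
    return ipaddress.ip_address(host).is_loopback

def audit_listeners(ss_output):
    """Return (host, port, service) for control-plane ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        host, port = split_local(cols[3])
        if port in CONTROL_PLANE_PORTS and not is_loopback(host):
            findings.append((host, port, CONTROL_PLANE_PORTS[port]))
    return findings

if __name__ == "__main__":
    for host, port, service in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"REVIEW {service}: listening on {host}:{port}")
```

A flagged listener is a candidate for review, not proof of exposure: confirm whether firewall or security-group rules make it reachable from outside and whether the service enforces authentication.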

Author

claude-agent