In January 2025, Kong discovered an unauthorized Docker image containing a cryptominer published to their DockerHub registry, affecting version 3.4.0 of the Kong Ingress Controller (KIC), due to a Dependabot actor confusion exploit. The attack used a "Pwn Request" exploit triggered by a GitHub pull request on an unused branch, allowing the attacker to steal secrets and publish the unauthorized image, which was downloaded 202 times. Kong's security team quickly revoked access, rotated secrets, rebuilt the correct image, and issued a security advisory. The impact was limited because the payload was only a cryptominer, the scope was narrow, and the attack happened during a quiet period. The company has since been working with a third-party forensics firm on the analysis and has implemented enhanced security measures, such as updating workflow permissions, auditing access tokens, and improving incident response protocols, to prevent future incidents.
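As an added example (not code from Kong or from the KIC repository), the check below scans GitHub Actions workflow text for the combination the summary describes: a `pull_request_target` trigger that checks out the pull request head, exposes secrets, and relies on `github.actor` matching `dependabot[bot]` as its only gate. The two workflows and the regex heuristics are constructed for this illustration; image names and secret names are placeholders.

```python
import re

# Constructed sample: the risky shape (pull_request_target + PR head checkout
# + secrets + actor check). Image and secret names are placeholders.
RISKY_WORKFLOW = """\
name: build-image
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: docker build -t example/image:dev . && docker push example/image:dev
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
"""

# Constructed sample: same build on the plain pull_request trigger, which runs
# with read-only GITHUB_TOKEN and no repository secrets for fork PRs.
SAFER_WORKFLOW = """\
name: build-image
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker build -t example/image:pr-check .
"""

def workflow_findings(text: str) -> list[str]:
    """Return human-readable findings for risky patterns in one workflow file."""
    findings = []
    uses_prt = re.search(r"^\s*pull_request_target\s*:", text, re.M) is not None
    checks_out_head = re.search(r"github\.event\.pull_request\.head\.(sha|ref)", text) is not None
    uses_secrets = re.search(r"\$\{\{\s*secrets\.", text) is not None
    trusts_actor = re.search(r"github\.actor\s*==\s*'dependabot\[bot\]'", text) is not None
    if uses_prt and checks_out_head:
        findings.append("pull_request_target checks out untrusted PR head (Pwn Request pattern)")
    if uses_prt and uses_secrets:
        findings.append("secrets available in a pull_request_target job")
    if trusts_actor:
        findings.append("github.actor used as an authorization gate (actor confusion)")
    if re.search(r"^permissions\s*:", text, re.M) is None:
        findings.append("no top-level permissions block; GITHUB_TOKEN keeps default scopes")
    return findings
```

Run it over every file under `.github/workflows/` in a repository; a non-empty result is a prompt to move the privileged build behind a trusted trigger and to stop treating the actor name as proof of origin.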