Gord and Rothütle arrive at the entrance of an old mine, its wooden supports creaking under the weight of time. There is a weak light flickering from within. Someone is inside.
"Stay alert," Gord warns, drawing her sword.
"Jack?" Rothütle calls out in Jack's language. "Are you there?"
A shadowy figure emerges from the darkness — it's Carl Benz. "So, you made it," he says slightly excitedly. "So, where is Jack?"
Back inside the mine, Gord is checking the workshop area that spans several tunnels. There are blueprints and mechanical parts scattered around. There is also a round mechanical device that has buttons and gears.
Carl is talking to Rothütle. "Jack left two days ago to meet you in Freiburg," Carl explains.
"What are you doing here anyway?" Rothütle asks.
"I'm working on a mechanized carriage," Carl replies. "Jack supports me with resources, and some designs. That's why I wanted you to come here."
Rothütle is confused. "So, did you write this letter?" He shows Carl the letter they found earlier.
Carl shakes his head. "No, I didn't. Jack have done it in my stead to meet you. But why is it written in your language?"
"And why does it sound so urgent?" Rothütle ponders.
"Perhaps Jack didn't want me to meet you", Gord interjects. "He must have known I'm looking for you."
"So where is he now?" Rothütle asks anxiously.
Gord looks at Carl. "Let's stay here for the night. We can leave safely when you're gone in the morning."
Then, whispering to Rothütle, she adds, "I don't like the mines. Looks like a good place for shadows."
Tip of the day: CVEs are often exploited by Jack the Miner to infiltrate systems. When a CVE is disclosed, prioritize patching and mitigation to prevent exploitation immediately, as the attackers also get notified.
Security Tip #12 — Prioritize CVE Patching and Mitigation
When a CVE (Common Vulnerabilities and Exposures) is announced, it means that a security flaw has been identified in software or hardware. Attackers, like Jack the Miner in our story, get notified of these vulnerabilities as well, and they often exploit them quickly to infiltrate systems.
This is the case with the recent React2Shell vulnerability (CVE-2025-55182) that allows remote code execution on a server running a vulnerable version of React. Once the CVE was disclosed, attackers started running crypto miners on compromised servers within hours.
As Docker Captain Jonas Scholz explains in this video, the companies that patched their software within 24 hours were all safe from exploitation, while those who delayed patching for 72 hours were all compromised on a certain hosting provider.
To protect your systems from such attacks, be sure to react quickly when a CVE is disclosed.
📘 Learn Docker and Kubernetes Security
To learn more about securing your supply chain and infrastructure, check out my book Docker and Kubernetes Security, which is currently 40% off.
🔗 buy.DockerSecurity.io
💬 Code: BLACKFOREST25
👉 To have the story delivered to your inbox every day in December, subscribe to my Medium publications.
Top comments (0)