The document discusses external threats to Kubernetes environments, including crypto-mining malware from threat actors like TeamTNT and Kinsing. TeamTNT used exposed Kubernetes and Docker APIs to install rootkits that hid processes and broke out of containers, while Kinsing targeted Docker APIs and used a more advanced encrypting rootkit. A new threat called Doki was found using domain generation algorithms. The document recommends mitigations like using signed container images, blocking external access, and implementing zero-trust network policies to restrict communications.