Jake Saunders recounts waking up to an email from his hosting provider about suspicious activity from his server, which turned out to be running cryptocurrency mining software. He discovered that a vulnerability in the Next.js framework, used by his analytics tool Umami, allowed an attacker to exploit his server. After a tense investigation, he confirmed that the malware was contained within a Docker container and hadn't compromised the host system.