Tag: kubernetes
-
The most severe Linux threat to surface in years catches the world flat-footed
CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/
-
How Do I Fix CrashLoopBackOff in Kubernetes (Step-by-Step)?
When a Pod goes into CrashLoopBackOff, it can feel like Kubernetes has turned against you: the container keeps restarting, logs scroll by, and your users are still seeing errors. This guide walks through what CrashLoopBackOff actually means, the most common reasons it happens, and practical steps you can take to diagnose and fix…
-
CNAPP: A Buyer's Guide
Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware
Cloud security remains a tricky topic, and the tools used to ensure it are becoming increasingly complex and harder to see through, thanks in part to the industry's unbroken love of acronyms. CNAPP now adds another one. The abbreviation stands for Cloud-Native Application Protection Platform and combines the functions of four separate cloud security tools: Cloud…
-
Supply Chain Attacks Are Getting Worse: How to Shrink Your Exposure
In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned 75 of 76 version tags in the process. Any pipeline that pulled trivy:latest…
-
Kubernetes Is Eating Production: Why Usage Keeps Climbing Into 2026
Kubernetes isn’t just up in 2026; it’s becoming the default foundation for production software and AI. The latest CNCF Annual Cloud Native Survey shows that Kubernetes is now the backbone of production infrastructure, with 82% of container users running Kubernetes in production and 94% either running, piloting, or evaluating it. At this point,…
-
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm
TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
-
Kubernetes Strategy: When It’s a Fit and Who Should Run It
Many organizations that use containers now run at least some production workloads on Kubernetes, and it comes up in most infrastructure discussions. But not every organization actually needs it or needs to run it themselves. This Q&A explains when Kubernetes is a good fit, when it’s overkill, what skills you need, and how…
-
LLM-generated passwords are indefensible. Your codebase may already prove it
Temperature is not a remedy: A reflexive objection from practitioners familiar with LLM configuration holds that increasing sampling temperature would attenuate these distributional biases by flattening the probability landscape from which characters are drawn. Irregular’s empirical results are unambiguous in refuting this intuition. Testing conducted at temperature 1.0, the maximum setting on Claude, produces no…
-
Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts
Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high-value cloud accounts, turning a single compromised pod into full cloud-level access. This trend is accelerating rapidly, with Kubernetes-related identity abuse and token-theft operations growing sharply across enterprise environments. Kubernetes now underpins many large-scale applications, making it a prime target for attackers who want…
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windows
Introduction: There was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
How Do I Make Kubernetes Self-Service Without Losing Control?
Platform teams are under pressure to move faster, but handing full Kubernetes access to every developer is risky. Self-service and control are not opposites; they are two sides of a well-designed platform. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/how-do-i-make-kubernetes-self%e2%80%91service-without-losing-control/
-
Airlock Microgateway 5.0 Keeps Kubernetes Operations Running After the End of Ingress-NGINX
Airlock Microgateway 5.0 is available now and helps companies operate their Kubernetes clusters in a future-proof way after the end of support for Ingress-NGINX. For many platform teams the need for action is acute: since the end of March there have been no further releases, bug fixes or security updates for the widely used Kubernetes ingress controller. For many organizations this is a security-relevant turning point. Only at the beginning of February…
-
Why Kubernetes controllers are the perfect backdoor
Tags: access, api, automation, backdoor, compliance, container, control, kubernetes, malicious, mitre, service, threat
Figure 1: Anatomy of a controller-based attack. The malicious webhook intercepts legitimate pod creation requests and injects a backdoor sidecar before the object is persisted to etcd. Niranjan Kumar Sharma As illustrated in Figure 1, this webhook acts as a controller. Every time a legitimate pod is created (e.g., a payment service), the API server sends…
-
Telnyx Python SDK Backdoored on PyPI to Steal Cloud Credentials
The popular Telnyx Python SDK on PyPI was backdoored to deploy a multi-stage credential-stealing operation that targets cloud infrastructure, Kubernetes clusters, and developer environments at scale. On March 27, 2026, TeamPCP uploaded two malicious Telnyx SDK releases, versions 4.87.1 and 4.87.2, directly to PyPI at around 03:51 UTC, bypassing the normal GitHub-backed release flow used by the…
-
Kubernetes Upgrades Are Eating Engineering Time: How to Get It Back
Kubernetes powers your products, but it quietly hijacks your engineering organization. Every year, you pay senior engineers to wrestle with version bumps, API deprecations, and broken add-ons that don’t move a single KPI your customers care about. Numbers vary by environment, but in many mid-size EKS deployments, a single minor upgrade across three…
-
Malicious LiteLLM versions linked to TeamPCP supply chain attack
TeamPCP backdoored LiteLLM v1.82.7-1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…
-
TeamPCP Backdoors LiteLLM Versions 1.82.7-1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
-
TeamPCP Backdoors LiteLLM Versions 1.82.7-1.82.8 Likely via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
-
Sysdig Celebrates Falco's 10th Anniversary with a 70,000 US Dollar Donation
Sysdig announced that, as part of the Linux Foundation's crowdfunding initiative, the company is donating 70,000 US dollars to the Falco project. The donation marks Falco's 10th anniversary and comes shortly after a survey by the Cloud Native Computing Foundation (CNCF) showing that 82 percent of AI workloads are now on Kubernetes…
-
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper
CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backdoor infrastructure seen in the earlier Trivy and NPM CanisterWorm incidents. However, it now adds selective destruction…
-
NVIDIA puts GPU orchestration in community hands
GPU-accelerated AI workloads now run on Kubernetes in the large majority of enterprise environments. Managing those workloads at scale has required specialized tooling that, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/24/nvidia-kubernetes-gpu-driver-community/
-
When AI Meets Kubernetes: Sysdig Celebrates 10 Years of Falco
Above all, this anniversary announcement shows one thing: open source thrives on commitment and on companies that are willing to take responsibility for the technologies. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-ki-auf-kubernetes-trifft-sysdig-feiert-10-jahre-falco/a44262/
-
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload. First seen on hackread.com Jump to article: hackread.com/canisterworm-kubernetes-clusters-kamikaze-wiper/
-
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/teampcp-deploys-iran-targeted-wiper-in-kubernetes-attacks/
-
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. "New image tags 0.69.5 and…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability
Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets. The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…

