Collecting Cyber-News from over 60 sources

Tag: kubernetes

Attackers Exploit Docker, Kubernetes Misconfigs to Breach Hosts

Jun 1, 2026 4:42 PM

Tags: api, breach, cloud, container, cyber, docker, endpoint, exploit, infrastructure, kubernetes, service, threat

Attackers are increasingly targeting Docker and Kubernetes environments by exploiting misconfigurations, weak isolation boundaries, and insecure APIs to compromise host systems and entire clusters. As containerization becomes the backbone of modern cloud infrastructure, threat actors are shifting focus from traditional endpoints to container ecosystems, where a single weakness can expose critical services at scale. A…
Schweizer Telekom-Riese legt Kubernetes-Architektur offen – Swisscom veröffentlicht komplette souveräne Cloud-Infrastruktur

Jun 1, 2026 9:42 AM

Tags: cloud, infrastructure, kubernetes

First seen on security-insider.de Jump to article: www.security-insider.de/swisscom-kubernetes-architektur-souveraene-private-cloud-a-b1d80e4d46847571294872bf9b2ea1e9/
P2PInfect Botnet Targets Kubernetes via Exposed Redis

May 21, 2026 10:00 AM

Tags: access, botnet, cloud, cyber, data-breach, google, kubernetes, service

A persistent P2Pinfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to six months, with consistent botnet activity detected through FortiCNAPP composite alerts. The intrusion chain began with publicly exposed Redis services,…
P2PInfect Botnet Targets Kubernetes via Exposed Redis

May 21, 2026 10:00 AM

Tags: access, botnet, cloud, cyber, data-breach, google, kubernetes, service

A persistent P2Pinfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to six months, with consistent botnet activity detected through FortiCNAPP composite alerts. The intrusion chain began with publicly exposed Redis services,…
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS Kubernetes

May 15, 2026 4:00 PM

Tags: credentials, cyber, cybersecurity, github, intelligence, kubernetes, open-source, software, threat, worm

Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to steal sensitive developer credentials from GitHub, AWS, Kubernetes, and local environments. The campaign, tracked by SlowMist’s MistEye threat intelligence platform, is already being described as one of the largest npm…
EU’s Cyber Resiliency Act will put IT leaders to the test

May 15, 2026 12:00 PM

Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerability

Product safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
EU’s Cyber Resiliency Act will put IT leaders to the test

May 15, 2026 12:00 PM

Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerability

Product safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
170 npm Packages Hijacked to Steal GitHub, AWS Kubernetes Secrets

May 14, 2026 2:00 PM

Tags: attack, cloud, cyber, github, hacker, kubernetes, malicious, pypi, supply-chain

Hackers have launched a large-scale supply chain attack by compromising more than 170 npm packages and two PyPI libraries, collectively downloaded over 200 million times weekly, to steal sensitive developer and cloud credentials. The malicious npm packages contain a hidden preinstall script that silently executes during installation. This script deploys a loader, which downloads a…
Mistral AI SDK, TanStack Router hit in npm software supply chain attack

May 12, 2026 8:19 PM

Tags: ai, api, attack, breach, cloud, credentials, data, data-breach, exploit, github, kubernetes, malicious, malware, network, open-source, password, router, service, software, supply-chain, switch, vulnerability

pull_request_target. This allows third-party workflows to run automatically, a way of avoiding maintainer approval fatigue, but means that the maintainer’s short-lived OIDC tokens become vulnerable to scraping.Armed with these tokens, the attacker were able to compromise the packages by injecting the malicious Mini Shai-Hulud malware, which propagated to other projects.The purpose is to steal developer…
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials

May 8, 2026 8:49 AM

Tags: breach, cloud, container, credentials, cyber, data-breach, docker, extortion, framework, fraud, infrastructure, kubernetes, malware, spam, threat, worm

A newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entirely and instead appears optimized for fraud, spam, extortion, and resale of stolen access. TeamPCP itself drew attention earlier in 2026…
Argo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes Secrets

May 6, 2026 11:48 AM

Tags: cve, cyber, data, flaw, kubernetes, vulnerability

A critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisation and data-masking gap within the platform. According to the disclosure, this exposure primarily affects environments…
‘Trivial’ exploit can give attackers root access to Linux kernel

May 1, 2026 5:39 AM

Tags: access, ai, attack, business, cloud, container, cve, data, exploit, flaw, github, gitlab, Hardware, incident response, iot, korea, kubernetes, linux, malware, monitoring, remote-code-execution, risk, risk-assessment, saas, sans, software, supply-chain, theft, threat, unauthorized, update, vulnerability

), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich, dean of research at the SANS Institute, as long as they have monitoring for privilege escalation already in place.With root access, a threat actor can do anything to a system, from data theft to data erasure.”The CopyFail vulnerability…
The most severe Linux threat to surface in years catches the world flat-footed

Apr 30, 2026 11:38 PM

Tags: container, kubernetes, linux, threat

CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in-years-surfaces-the-world-scrambles/
How Do I Fix CrashLoopBackOff in Kubernetes (Step”‘by”‘Step)?

Apr 29, 2026 7:39 PM

Tags: container, guide, kubernetes, service

<div cla When a Pod goes into CrashLoopBackOff, it can feel like Kubernetes has turned against you: the container keeps restarting, logs scroll by, and your users are still seeing errors. This guide walks through what CrashLoopBackOff actually means, the most common reasons it happens, and practical steps you can take to diagnose and fix…
CNAPP ein Kaufratgeber

Apr 23, 2026 6:39 AM

Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware

Cloud Security bleibt ein diffiziles Thema und die Tools, mit denen sie sich gewährleisten lässt, werden zunehmend komplexer und schwieriger zu durchschauen auch dank der ungebrochenen Liebe der Branche zu Akronymen. Mit CNAPP kommt nun ein weiteres hinzu. Die Abkürzung steht für Cloud-Native Application Protection Platform und kombiniert die Funktionen von vier separaten Cloud-Security-Werkzeugen: Cloud…
Supply Chain Attacks Are Getting Worse”, How to Shrink Your Exposure

Apr 22, 2026 10:39 PM

Tags: attack, exploit, kubernetes, malicious, open-source, supply-chain, vulnerability

<div cla In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned 75 of 76 version tags in the process. Any pipeline that pulled trivy:latest…
Kubernetes Is Eating Production: Why Usage Keeps Climbing Into 2026

Apr 14, 2026 4:52 PM

Tags: cloud, container, infrastructure, kubernetes, software

<div cla Kubernetes isn’t just up in 2026; it’s becoming the default foundation for production software and AI. The latest CNCF Annual Cloud Native Survey shows that Kubernetes is now the backbone of production infrastructure, with 82% of container users running Kubernetes in production and 94% either running, piloting, or evaluating it. At this point,…
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses

Apr 14, 2026 2:51 PM

Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm

<div cla TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
Kubernetes Strategy: When It’s a Fit and Who Should Run It

Apr 8, 2026 6:52 PM

Tags: container, infrastructure, kubernetes, skills, strategy, technology

<div cla Many organizations that use containers now run at least some production workloads on Kubernetes, and it comes up in most infrastructure discussions. But not every organization actually needs it or needs to run it themselves. This Q&A explains when Kubernetes is a good fit, when it’s overkill, what skills you need, and how…
LLM-generated passwords are indefensible. Your codebase may already prove it

Apr 8, 2026 1:52 PM

Tags: ai, api, attack, authentication, awareness, chatgpt, control, credentials, data, detection, docker, github, injection, kaspersky, kubernetes, LLM, nist, password, risk, service, threat, tool, training

Temperature is not a remedy: A reflexive objection from practitioners familiar with LLM configuration holds that increasing sampling temperature would attenuate these distributional biases by flattening the probability landscape from which characters are drawn. Irregular’s empirical results are unambiguous in refuting this intuition. Testing conducted at temperature 1.0, the maximum setting on Claude, produces no…
Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts

Apr 7, 2026 2:50 PM

Tags: cloud, container, cyber, flaw, hacker, identity, kubernetes, theft

Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high”‘value cloud accounts, turning a single compromised pod into full cloud”‘level access. This trend is accelerating rapidly, with Kubernetes”‘related identity abuse and token-theft operations growing sharply across enterprise environments. Kubernetes now underpins many large”‘scale applications, making it a prime target for attackers who want…
Supply Chain Attacks Surge in March 2026

Apr 4, 2026 5:53 AM

Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windows

IntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
How Do I Make Kubernetes Self”‘Service Without Losing Control?

Apr 2, 2026 6:51 PM

Tags: access, control, kubernetes

<div cla Platform teams are under pressure to move faster, but handing full Kubernetes access to every developer is risky. Self”‘service and control are not opposites; they are two sides of a well”‘designed platform. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/how-do-i-make-kubernetes-self%e2%80%91service-without-losing-control/
Airlock-Microgateway 5.0 sichert Handlungsfähigkeit in Kubernetes nach dem Ende von Ingress-NGINX

Apr 1, 2026 2:29 PM

Tags: kubernetes, update

Das Airlock-Microgateway 5.0 ist ab sofort verfügbar und unterstützt Unternehmen dabei, ihre Kubernetes-Cluster nach dem Support-Ende von Ingress-NGINX zukunftssicher zu betreiben. Der Handlungsbedarf ist für viele Plattformteams akut: Seit Ende März gibt es keine weiteren Releases, Bugfixes oder Security-Updates für den weit verbreiteten Kubernetes-Ingress-Controller. Für viele Organisationen ist das ein sicherheitsrelevanter Wendepunkt. Erst Anfang Februar…
Why Kubernetes controllers are the perfect backdoor

Mar 30, 2026 12:30 PM

Tags: access, api, automation, backdoor, compliance, container, control, kubernetes, malicious, mitre, service, threat

Figure 1: Anatomy of a controller-based attack. The malicious webhook intercepts legitimate pod creation requests and injects a backdoor sidecar before the object is persisted to etcd. Niranjan Kumar Sharma As illustrated in Figure 1, this webhook acts as a controller. Every time a legitimate pod is created (e.g., a payment service), the API server sends…
Telnyx Python SDK Backdoored on PyPI to Steal Cloud Credentials

Mar 30, 2026 12:30 PM

Tags: cloud, credentials, cyber, infrastructure, kubernetes, malicious, pypi

The popular Telnyx Python SDK on PyPI to deploy a multi”‘stage credential”‘stealing operation that targets cloud infrastructure, Kubernetes clusters, and developer environments at scale. On March 27, 2026, TeamPCP uploaded two malicious Telnyx SDK releases, versions 4.87.1 and 4.87.2, directly to PyPI at around 03:51 UTC, bypassing the normal GitHub”‘backed release flow used by the…
CanisterWorm Targets Docker, Kubernetes, and Redis to Steal Secrets

Mar 30, 2026 9:30 AM

Tags: access, api, cloud, credentials, cyber, cybercrime, data-breach, docker, exploit, extortion, group, kubernetes, malware, unauthorized, vulnerability

A financially motivated cybercrime group known as TeamPCP is actively exploiting poorly secured cloud environments using a self-propagating malware called “CanisterWorm.” The campaign targets exposed Docker APIs, Kubernetes clusters, Redis servers, and known vulnerabilities like React2Shell to gain unauthorized access, steal credentials, and extort victims. The activity escalated over the past weekend with a destructive…
Kubernetes Upgrades Are Eating Engineering Time: How to Get It Back

Mar 26, 2026 7:47 PM

Tags: api, cloud, infrastructure, kubernetes

<div cla Kubernetes powers your products, but it quietly hijacks your engineering organization. Every year, you pay senior engineers to wrestle with version bumps, API deprecations, and broken add”‘ons that don’t move a single KPI your customers care about. Numbers vary by environment, but in many mid”‘size EKS deployments, a single minor upgrade across three…
Malicious LiteLLM versions linked to TeamPCP supply chain attack

Mar 25, 2026 11:47 AM

Tags: attack, credentials, kubernetes, LLM, malicious, supply-chain, threat, tool

TeamPCP backdoored LiteLLM v1.82.71.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…
Malicious LiteLLM versions linked to TeamPCP supply chain attack

Mar 25, 2026 11:47 AM

Tags: attack, credentials, kubernetes, LLM, malicious, supply-chain, threat, tool

TeamPCP backdoored LiteLLM v1.82.71.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…