Tag: kubernetes
-
Don’t Let Your Cloud Security Catch a Bad Case of Permission Creep
Tags: access, attack, breach, cloud, compliance, control, data, exploit, governance, iam, identity, international, Internet, kubernetes, least-privilege, mfa, risk, service, software, technology, threat, tool, vulnerabilityCloud security teams are often blind to one of the biggest threats to cloud environments: a web of over-privileged identities that create pathways for attackers. Learn how to regain control of your cloud identities by automating the enforcement of least privilege across your environment. Key takeaways The gradual accumulation of excessive and unused cloud permissions,…
-
Don’t Let Your Cloud Security Catch a Bad Case of Permission Creep
Tags: access, attack, breach, cloud, compliance, control, data, exploit, governance, iam, identity, international, Internet, kubernetes, least-privilege, mfa, risk, service, software, technology, threat, tool, vulnerabilityCloud security teams are often blind to one of the biggest threats to cloud environments: a web of over-privileged identities that create pathways for attackers. Learn how to regain control of your cloud identities by automating the enforcement of least privilege across your environment. Key takeaways The gradual accumulation of excessive and unused cloud permissions,…
-
SUSE Rancher Flaws Allow Attackers to Lock Out Admin Accounts
A critical security vulnerability in SUSE Rancher Manager has been discovered that enables attackers with elevated privileges to lock out administrative accounts, potentially disrupting entire Kubernetes cluster management operations. The flaw, tracked asCVE-2024-58260, carries a high severity rating with a CVSS score of 7.1. Vulnerability Overview The security issue stems from missing server-side validation on the username…
-
Sicherheitslücken in Chaos Mesh – Angreifer können gezielt Kubernetes-Umgebungen stören
Tags: kubernetesFirst seen on security-insider.de Jump to article: www.security-insider.de/jfrog-warnt-vor-chaotic-deputy-sicherheitsluecken-in-chaos-mesh-a-2ee41556c3e98fef8678ae575eaf95c3/
-
Sicherheitslücken in Chaos Mesh – Angreifer können gezielt Kubernetes-Umgebungen stören
Tags: kubernetesFirst seen on security-insider.de Jump to article: www.security-insider.de/jfrog-warnt-vor-chaotic-deputy-sicherheitsluecken-in-chaos-mesh-a-2ee41556c3e98fef8678ae575eaf95c3/
-
ShadowV2 turns DDoS into a cloud-native subscription service
From botnet to business platform: ShadowV2 is not just malware, it is a marketplace. Darktrace uncovered a full operator interface built with Tailwind and FastAPI, complete with Swagger documentation, admin and user privilege tiers, blacklists, and modular attack options. The design mirrors legitimate SaaS platforms, featuring dashboards and animations that make DDoS as easy as…
-
Kubernetes matures as AI and GitOps reshape operations
Kubernetes has moved well past its early adoption phase. The new Komodor 2025 Enterprise Kubernetes Report shows that technical teams are shifting their focus from running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/22/report-kubernetes-ai-gitops-trends/
-
What’s New in Tenable Cloud Security: A More Personalized, Global and Comprehensive Experience
Tags: best-practice, cloud, compliance, container, control, data, fintech, framework, infrastructure, kubernetes, least-privilege, microsoft, oracle, risk, service, threat, tool, update, vulnerabilityCheck out the latest enhancements to our CNAPP product, including a more intuitive user experience with customizable dashboards, and stronger workload protection and data security. These improvements are designed to help you personalize workflows and gain deeper visibility across workloads, compliance frameworks and cloud databases. Key takeaways Tenable Cloud Security is now more personalized and…
-
Gefährliche Schwachstellen in Kubernetes-Testing-Plattform Chaos-Mesh
Das JFrog-Security-Research-Team hat mehrere kritische Schwachstellen in Chaos-Mesh, einer weit verbreiteten Testing-Plattform in Kubernetes-Umgebungen, entdeckt und offengelegt. Die Sicherheitslücken wurden unter dem Namen ‘Chaotic Deputy” (CVE-2025-59358, CVE-2025-59359, CVE-2025-59360 und CVE-2025-59361) zusammengefasst, wobei die letzten drei jeweils eine CVSS-Bewertung von 9.8 aufweisen. Sie ermöglichen es Angreifern mit Zugriff innerhalb des Clusters, vollständige Kontrolle über die Umgebung…
-
Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover
Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for Kubernetes. Three of these flaws carry a maximum CVSS 3.1 score of 9.8, enabling any pod in the cluster to run arbitrary commands or inject…
-
Kubernetes C# Client Flaw Exposes API Server to MiTM Attacks
A recently disclosed vulnerability in the Kubernetes C# client library allows attackers to carry out man-in-the-middle (MiTM) attacks against the API server. The flaw stems from improper certificate validation when using custom certificate authorities (CAs). As organizations increasingly rely on Kubernetes for container orchestration, this weakness could enable interception or alteration of critical control-plane traffic,…
-
Chaos-Mesh flaws put Kubernetes clusters at risk of full takeover
Tags: access, api, authentication, cloud, control, data-breach, exploit, flaw, infrastructure, injection, kubernetes, network, risk, service, tool, vulnerabilitychaosctl tool and port. Some cloud infrastructure providers that offer Chaos-Mesh implementations as part of their managed Kubernetes Services, such as Azure Chaos Studio, are also impacted. Chaos-Mesh was designed to orchestrate fault scenarios that could impact infrastructure and applications. The researchers observed that one core component of Chaos-Mesh, the Controller Manager, exposed a GraphQL…
-
Critical Bugs in Chaos Mesh Enable Cluster Takeover
Chaotic Deputy is a set of four vulnerabilities in the chaos engineering platform that many organizations use to test the resilience of their Kubernetes environments. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/critical-bugs-chaos-mesh-cluster-takeover
-
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Tags: access, cybersecurity, exploit, flaw, injection, kubernetes, network, rce, remote-code-execution, vulnerabilityCybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments.”Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform First seen on thehackernews.com Jump to…
-
How Wesco cut through the noise and reimagined risk management
Tags: ai, application-security, automation, awareness, business, conference, container, control, data, defense, detection, exploit, github, intelligence, kubernetes, microsoft, mitigation, risk, risk-management, software, strategy, threat, tool, vulnerability, zero-dayProactive defense: Real-time threat intelligence feeds allow Wesco to spot and neutralize vulnerabilities before they escalate.Improved awareness: Developers and security teams have clearer visibility into zero-day threats and can act faster.Application security posture enhancement: A “security champions program” ensures accountability doesn’t sit only with the security team but across development and executive teams, too.AI-driven risk…
-
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with.As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid First seen…
-
CodeCloud Visibility: Why Fragmented Security Can’t Scale
Tags: ai, api, best-practice, business, ciso, cloud, container, data, flaw, identity, infrastructure, kubernetes, risk, risk-management, service, strategy, threat, tool, vulnerability, vulnerability-managementWidespread visibility is critical for cloud security, but obtaining it is easier said than done. To discover insights and best practices for code-to-cloud visibility, check out highlights from a new IDC white paper. Plus, learn how Tenable’s CNAPP and exposure management platform give you an unimpeded view of your multi-cloud and hybrid environment. The modern…
-
Attackers Abuse Kubernetes DNS to Extract Git Credentials from ArgoCD
A newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches. This technique lets an attacker abuse Kubernetes DNS to steal powerful Git credentials from ArgoCD, potentially taking over entire Git accounts. Why Target ArgoCD and Kubernetes? In 2025, data exfiltration attacks are a major threat in…
-
The Quiet Revolution in Kubernetes Security
As Kubernetes becomes the foundation of enterprise infrastructure, the underlying operating system must evolve alongside it. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/quiet-revolution-kubernetes-security
-
The Quiet Revolution in Kubernetes Security
As Kubernetes becomes the foundation of enterprise infrastructure, the underlying operating system must evolve alongside it. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/quiet-revolution-kubernetes-security
-
The Quiet Revolution in Kubernetes Security
As Kubernetes becomes the foundation of enterprise infrastructure, the underlying operating system must evolve alongside it. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/quiet-revolution-kubernetes-security
-
Argo CD Security Flaw Rated 9.8 Leaves GitOps Repositories Exposed
Tags: api, cloud, credentials, cve, cvss, data-breach, flaw, kubernetes, open-source, password, tool, vulnerabilityA security flaw in Argo CD, the popular open-source GitOps tool for Kubernetes, has been targeted at the DevOps and cloud-native communities. Tracked as CVE-2025-55190, the vulnerability has been rated critical with a CVSS score of 9.8 out of 10, as it allows attackers to retrieve sensitive repository credentials, including usernames and passwords, through a…
-
Critical Argo CD API Flaw Exposes Repository Credentials to Attackers
A major security flaw has been discovered in Argo CD, a popular open-source tool used for Kubernetes GitOps deployments. The vulnerability allows project-level API tokens to expose sensitive repository credentials, such as usernames and passwords, to attackers. The issue has been classified as critical with a CVSS score of 9.8/10 and is tracked asCVE-2025-55190. The…
-
SUSE Fleet: Plain Text Storage of Vulnerability Exploit Helm Values
A high-severity vulnerability in SUSE’s Fleet, a GitOps management tool for Kubernetes clusters, has been disclosed by security researcher samjustus via GitHub Security Advisory GHSA-6h9x-9j5v-7w9h. The vulnerability, tracked as CVE-2024-52284, allows Helm chart values”, often containing sensitive credentials”, to be stored inside BundleDeployment resources in plain text, exposing them to any user with GET or…