Tag: kubernetes

k0s Enters CNCF Sandbox: A New Lightweight Kubernetes Option

May 29, 2025 5:55 PM

Tags: cloud, kubernetes

How k0s, a lightweight Kubernetes distribution, joins the CNCF Sandbox, enhancing cloud-native computing. Explore its features today! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/k0s-enters-cncf-sandbox-a-new-lightweight-kubernetes-option/
Critical Argo CD Flaw Exposes Kubernetes Clusters to Full Resource Manipulation

May 29, 2025 2:55 PM

Tags: cve, cyber, exploit, flaw, kubernetes, open-source, tool, vulnerability

A critical cross-site scripting (XSS) vulnerability, officially tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been identified in Argo CD, a widely used open-source GitOps tool for Kubernetes. This flaw affects the repository URL handling mechanism in the Argo CD user interface, specifically due to improper validation of URL protocols in the ui/src/app/shared/components/urls.ts file. Attackers can exploit…
Woodpecker: Red Teaming Tool Targets AI, Kubernetes, and API Vulnerabilities

May 29, 2025 10:55 AM

Tags: ai, api, cyber, cyberattack, hacker, kubernetes, open-source, RedTeam, tool, vulnerability

Operant AI has announced the release of Woodpecker, an open-source automated red teaming engine designed to make advanced security testing accessible to organizations of all sizes. Traditionally, red teaming”, simulated cyberattacks conducted by ethical hackers to uncover vulnerabilities”, has been a privilege reserved for large enterprises with significant security budgets. With Woodpecker, Operant AI aims…
Woodpecker: Open-source red teaming for AI, Kubernetes, APIs

May 28, 2025 7:54 AM

Tags: ai, api, kubernetes, open-source, RedTeam, tool

Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix security weaknesses in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/28/woodpecker-open-source-red-teaming/
Tigera Introduces Calico Cloud Free Tier to Boost Kubernetes Observability and Security

May 22, 2025 10:54 PM

Tags: cloud, kubernetes

First seen on scworld.com Jump to article: www.scworld.com/news/tigera-introduces-calico-cloud-free-tier-to-boost-kubernetes-observability-and-security
Threat intelligence platform buyer’s guide: Top vendors, selection advice

May 21, 2025 8:54 AM

Tags: ai, attack, automation, breach, cloud, computing, credentials, crowdstrike, cyber, cybersecurity, dark-web, data, data-breach, deep-fake, detection, dns, edr, email, endpoint, exploit, finance, firewall, fraud, gartner, google, group, guide, identity, incident response, infrastructure, intelligence, kubernetes, law, malicious, malware, microsoft, mitigation, monitoring, network, open-source, phishing, privacy, risk, service, siem, soar, soc, sophos, sql, supply-chain, technology, threat, tool, vpn, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) found that since 2023 the majority of exploits were zero days, meaning exploiting heretofore unknown methods. And according to the latest Verizon Data Breach Investigations report (DBIR), the percentage of AI-assisted malicious emails doubled to 10% of the totals they observed over the past two years, making staying…
Security, Compliance, and Visibility in Kubernetes Infrastructure

May 16, 2025 5:57 AM

Tags: attack, cloud, compliance, infrastructure, kubernetes
How Managed Kubernetes-as-a-Service Unlocks Immediate Value

May 9, 2025 5:10 AM

Tags: business, kubernetes, service, software
Nutanix Sharpens Focus on Modern Workloads with Pure Storage Partnership, Kubernetes Expansion, and Agentic AI Advancements

May 8, 2025 10:10 PM

Tags: ai, kubernetes

First seen on scworld.com Jump to article: www.scworld.com/news/nutanix-sharpens-focus-on-modern-workloads-with-pure-storage-partnership-kubernetes-expansion-and-agentic-ai-advancements
Nutanix escapes the datacentre with Cloud Native AOS

May 8, 2025 1:10 PM

Tags: cloud, infrastructure, kubernetes

Hyper-converged infrastructure provider offers its operating system independently of a hypervisor to allow containerised apps to run at the edge or on Kubernetes runtimes in the Amazon cloud First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623721/Nutanix-escapes-the-datacentre-with-Cloud-Native-AOS
Helm Charts Flaw Could Let Hackers Access Kubernetes Clusters, Microsoft Finds

May 6, 2025 9:50 PM

Tags: access, attack, data, flaw, hacker, kubernetes, leak, microsoft, risk

Default Helm charts for Kubernetes may expose clusters to attacks, Microsoft warns. Misconfigurations risk data leaks, code execution, and takeovers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/microsoft-helm-charts-kubernetes-clusters/
Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

May 6, 2025 4:50 PM

Tags: apache, cloud, cyber, cybersecurity, data, kubernetes, leak, microsoft, risk

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default Helm charts and Kubernetes deployment templates, revealing that popular cloud-native applications like Apache Pinot, Meshery, and Selenium Grid are being deployed with critical security gaps. These misconfigurations-often prioritizing convenience over protection-allow attackers to hijack databases, execute arbitrary code, and gain…
Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

May 6, 2025 1:50 PM

Tags: cloud, data, data-breach, kubernetes, leak, microsoft

Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data.”While these ‘plug-and-play’ options greatly simplify the setup process, they often prioritize ease of use over security,” Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team First…
Redefining Application Security: Imperva’s Vision for the Future

May 6, 2025 5:53 AM

Tags: api, application-security, computing, kubernetes

It’s no secret that web applications have undergone a significant transformation over the past few years. The widespread adoption of containerization, serverless computing, low-code development, APIs, and microservices has redefined how applications are built, deployed, and scaled. According to Statista, over 60% of organizations now use Kubernetes to manage their containerized workloads. Meanwhile, security remains……
Microsoft finds default Kubernetes Helm charts can expose data

May 5, 2025 9:50 PM

Tags: data, kubernetes, microsoft, risk

Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-finds-default-kubernetes-helm-charts-can-expose-data/
Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More

May 2, 2025 6:50 PM

Tags: access, ai, attack, authentication, best-practice, breach, business, cisa, ciso, cloud, computer, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, firewall, flaw, framework, government, guide, hacker, iam, identity, incident, incident response, infrastructure, injection, international, Internet, iot, kubernetes, login, mfa, microsoft, mitigation, mitre, network, nist, open-source, organized, password, phishing, programming, RedTeam, risk, risk-management, sbom, service, software, sql, supply-chain, tactics, technology, threat, tool, unauthorized, update, usa, vulnerability, vulnerability-management, windows, xss, zero-day

In this special edition of the Cybersecurity Snapshot, we’re highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12 months. Check out best practices, recommendations and insights on protecting your cloud environments, OT systems, software development processes and more. In case you missed it, here’s…
Kubernetes Resource Optimization Best Practices with Goldilocks

May 1, 2025 9:50 PM

Tags: best-practice, cloud, kubernetes, open-source, risk, service
CNAPP-Kaufratgeber

Apr 30, 2025 6:56 AM

Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware
Radware and SUSE Partner to Advance Secure Kubernetes Deployments for Enterprises and Service Providers

Apr 28, 2025 9:52 PM

Tags: kubernetes, service

First seen on scworld.com Jump to article: www.scworld.com/news/radware-and-suse-partner-to-advance-secure-kubernetes-deployments-for-enterprises-and-service-providers
Threat Actors Exploiting Unsecured Kubernetes Clusters for Crypto Mining

Apr 24, 2025 7:50 PM

Tags: crypto, cyber, exploit, intelligence, kubernetes, microsoft, threat

In a startling revelation from Microsoft Threat Intelligence, threat actors are increasingly targeting unsecured Kubernetes clusters to conduct illicit activities such as cryptomining. The dynamic and complex nature of containerized environments poses significant challenges for security teams in detecting runtime anomalies or identifying the source of breaches. Rising Threats in Containerized Environments According to Microsoft’s…
Time to Migrate from On-Prem to Cloud? What You Need to Know

Apr 17, 2025 7:28 PM

Tags: business, cloud, framework, google, infrastructure, kubernetes, microsoft, service
Google launches unified enterprise security platform, announces AI security agents

Apr 9, 2025 7:55 PM

Tags: access, ai, browser, chrome, cloud, compliance, control, corporate, data, detection, dns, endpoint, google, intelligence, kubernetes, malware, mandiant, network, phishing, risk, saas, service, threat, vulnerability

Cloud security enhancements: The Google Cloud Platform (GCP) Security Command Center will gain new capabilities for protecting cloud workloads, especially those related to AI model use.Model Armor, a feature that’s part of GCP’s existing AI Protection service, will allow customers to apply content safety and security controls to prompts that are sent to self-hosted AI…
CNCF survey reveals widespread Kubernetes adoption, growing reliance on cloud-native technologies

Apr 8, 2025 10:43 PM

Tags: cloud, kubernetes

First seen on scworld.com Jump to article: www.scworld.com/brief/cncf-survey-reveals-widespread-kubernetes-adoption-growing-reliance-on-cloud-native-technologies
LoftLabs unveils vNode for secure node-level isolation in shared Kubernetes environments

Apr 8, 2025 10:43 PM

Tags: kubernetes

First seen on scworld.com Jump to article: www.scworld.com/brief/loftlabs-unveils-vnode-for-secure-node-level-isolation-in-shared-kubernetes-environments
Cloud Native Security: How to Protect Your Kubernetes Infrastructure

Apr 4, 2025 11:42 PM

Tags: cloud, compliance, data, finance, infrastructure, kubernetes, tool
An Improved Detection Signature for the Kubernetes IngressNightmare Vulnerability

Apr 2, 2025 11:55 AM

Tags: cve, detection, kubernetes, vulnerability

Wiz recently published a detailed analysis of a critical vulnerability in the NGINX Ingress admission controller”, what they’ve dubbed IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514). The vulnerability stems from insufficient input validation during configuration file processing, allowing an attacker to inject arbitrary code into the NGINX process. Wiz’s writeup is excellent and covers the technical nuances…
MSSP Market Update: NGINX Flaw Could Expose Kubernetes Secrets

Mar 27, 2025 9:37 PM

Tags: flaw, kubernetes, mssp, update

First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-nginx-flaw-could-expose-kubernetes-secrets
Kubernetes Ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)

Mar 27, 2025 2:34 PM

Tags: cve, cyber, kubernetes, network, remote-code-execution, vulnerability

Overview Recently, NSFOCUS CERT detected that Kubernetes issued a security announcement and fixed the Kubernetes Ingress-nginx remote code execution vulnerability (CVE-2025-1974). The Ingress controller deployed in Kubernetes Pod can be accessed through the network without authentication. When the Admission webhook is open, an unauthenticated attacker can remotely inject any nginx configuration by sending a special…The…
PoC Exploit Released for Ingress-NGINX RCE Vulnerabilities

Mar 27, 2025 10:33 AM

Tags: cve, cyber, exploit, kubernetes, rce, remote-code-execution, vulnerability

A recently disclosed vulnerability in Ingress-NGINX, tracked as CVE-2025-1974, has raised concerns about the security of Kubernetes environments. This vulnerability allows for Remote Code Execution (RCE) through the validating webhook server integrated into Ingress-NGINX. A Proof of Concept (PoC) exploit has been released, demonstrating how attackers could exploit this flaw. CVE-2025-1974 affects versions of Ingress-NGINX…
String of defects in popular Kubernetes component puts 40% of cloud environments at risk

Mar 26, 2025 8:35 PM

Tags: cloud, data-breach, exploit, kubernetes, risk

Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high. First seen on cyberscoop.com Jump to article: cyberscoop.com/kubernetes-nginx-controller-defects-wiz/