Collecting Cyber-News from over 60 sources

Tag: kubernetes

How to Chart an Exposure Management Leadership Path for You, Your Boss and Your Organization

Jun 30, 2025 5:33 PM

Tags: access, attack, automation, breach, business, ciso, cloud, container, cybersecurity, data, defense, exploit, identity, incident response, iot, jobs, kubernetes, ransom, regulation, risk, security-incident, service, soc, threat, tool, vulnerability, vulnerability-management

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we share some tips on how to lead the move to exposure management. You can read the entire Exposure Management Academy series here. For years, organizations poured resources into reactive…
Is Container OS Insecurity Making Your K8s Infrastructure Less Secure?

Jun 26, 2025 5:36 AM

Tags: cloud, compliance, container, infrastructure, kubernetes, risk
Kubernetes NodeRestriction Flaw Lets Nodes Bypass Resource Authorization

Jun 25, 2025 1:36 PM

Tags: cyber, flaw, kubernetes, vulnerability

A critical security vulnerability (CVE-2025-4563) in Kubernetes allows nodes to bypass authorization checks for dynamic resource allocation, potentially enabling privilege escalation in affected clusters. The flaw resides in the NodeRestriction admission controller, which fails to validate resource claim statuses during pod creation when the DynamicResourceAllocation feature is enabled. This oversight permits compromised nodes to create…
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation

Jun 23, 2025 8:35 AM

Tags: cloud, container, credentials, cyber, flaw, kubernetes, service, vulnerability

Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and enable privilege escalation within cloud environments. The vulnerabilities, rooted in misconfigurations and excessive container privileges, highlight the ongoing challenges of securing Kubernetes-based container platforms at scale. Amazon EKS is a managed service that simplifies running…
Enterprise Kubernetes Explained: How to Leverage K8s Effectively

Jun 21, 2025 11:35 AM

Tags: cloud, governance, kubernetes, strategy
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Jun 20, 2025 7:35 PM

Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
A Guide to Managed Kubernetes-as-a-Service Shared Responsibility Model

Jun 14, 2025 5:54 AM

Tags: business, google, guide, kubernetes, microsoft, service
LinuxFest Northwest: Chaos Testing Of A Postgres Cluster On Kubernetes

Jun 13, 2025 10:54 PM

Tags: ceo, cisa, conference, kubernetes, penetration-testing

Author/Presenter: Nikolay Sivko (Co-Founder And CEO At Coroot) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.…
K8s Infrastructure Design Assessment: Optimize Cloud-Native Foundation

Jun 6, 2025 9:55 AM

Tags: business, cloud, infrastructure, kubernetes
Improving Cost Efficiency with Karpenter 1.0: An Upgrade Guide

Jun 4, 2025 7:55 AM

Tags: api, guide, infrastructure, kubernetes
Enhancing Kubernetes Security with AI-Powered Intrusion Detection

Jun 2, 2025 3:54 PM

Tags: ai, detection, kubernetes, threat

How AI and machine learning can enhance Kubernetes security. Learn about eBPF, IDS, and automated threat responses. Secure your environment today! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/enhancing-kubernetes-security-with-ai-powered-intrusion-detection/
Cybersecurity Snapshot: New Standard for AI System Security Published, While Study Finds Cyber Teams Boost Value of Business Projects

May 31, 2025 6:55 AM

Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, ceo, ciso, cloud, compliance, computer, conference, control, cyber, cybersecurity, data, email, extortion, framework, group, guide, hacker, Hardware, intelligence, Internet, kubernetes, law, linux, login, metric, mfa, microsoft, mobile, phishing, ransom, ransomware, risk, service, software, supply-chain, technology, threat, tool, unauthorized, update, windows

Check out ETSI’s new global standard for securing AI systems and models. Plus, learn how CISOs and their teams add significant value to orgs’ major initiatives. In addition, discover what webinar attendees told Tenable about their cloud security challenges. And get the latest on properly decommissioning tech products; a cyber threat targeting law firms; and…
k0s Enters CNCF Sandbox: A New Lightweight Kubernetes Option

May 29, 2025 5:55 PM

Tags: cloud, kubernetes

How k0s, a lightweight Kubernetes distribution, joins the CNCF Sandbox, enhancing cloud-native computing. Explore its features today! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/k0s-enters-cncf-sandbox-a-new-lightweight-kubernetes-option/
Critical Argo CD Flaw Exposes Kubernetes Clusters to Full Resource Manipulation

May 29, 2025 2:55 PM

Tags: cve, cyber, exploit, flaw, kubernetes, open-source, tool, vulnerability

A critical cross-site scripting (XSS) vulnerability, officially tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been identified in Argo CD, a widely used open-source GitOps tool for Kubernetes. This flaw affects the repository URL handling mechanism in the Argo CD user interface, specifically due to improper validation of URL protocols in the ui/src/app/shared/components/urls.ts file. Attackers can exploit…
Woodpecker: Red Teaming Tool Targets AI, Kubernetes, and API Vulnerabilities

May 29, 2025 10:55 AM

Tags: ai, api, cyber, cyberattack, hacker, kubernetes, open-source, RedTeam, tool, vulnerability

Operant AI has announced the release of Woodpecker, an open-source automated red teaming engine designed to make advanced security testing accessible to organizations of all sizes. Traditionally, red teaming”, simulated cyberattacks conducted by ethical hackers to uncover vulnerabilities”, has been a privilege reserved for large enterprises with significant security budgets. With Woodpecker, Operant AI aims…
Woodpecker: Open-source red teaming for AI, Kubernetes, APIs

May 28, 2025 7:54 AM

Tags: ai, api, kubernetes, open-source, RedTeam, tool

Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix security weaknesses in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/28/woodpecker-open-source-red-teaming/
Tigera Introduces Calico Cloud Free Tier to Boost Kubernetes Observability and Security

May 22, 2025 10:54 PM

Tags: cloud, kubernetes

First seen on scworld.com Jump to article: www.scworld.com/news/tigera-introduces-calico-cloud-free-tier-to-boost-kubernetes-observability-and-security
Threat intelligence platform buyer’s guide: Top vendors, selection advice

May 21, 2025 8:54 AM

Tags: ai, attack, automation, breach, cloud, computing, credentials, crowdstrike, cyber, cybersecurity, dark-web, data, data-breach, deep-fake, detection, dns, edr, email, endpoint, exploit, finance, firewall, fraud, gartner, google, group, guide, identity, incident response, infrastructure, intelligence, kubernetes, law, malicious, malware, microsoft, mitigation, monitoring, network, open-source, phishing, privacy, risk, service, siem, soar, soc, sophos, sql, supply-chain, technology, threat, tool, vpn, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) found that since 2023 the majority of exploits were zero days, meaning exploiting heretofore unknown methods. And according to the latest Verizon Data Breach Investigations report (DBIR), the percentage of AI-assisted malicious emails doubled to 10% of the totals they observed over the past two years, making staying…
Security, Compliance, and Visibility in Kubernetes Infrastructure

May 16, 2025 5:57 AM

Tags: attack, cloud, compliance, infrastructure, kubernetes
How Managed Kubernetes-as-a-Service Unlocks Immediate Value

May 9, 2025 5:10 AM

Tags: business, kubernetes, service, software
Nutanix Sharpens Focus on Modern Workloads with Pure Storage Partnership, Kubernetes Expansion, and Agentic AI Advancements

May 8, 2025 10:10 PM

Tags: ai, kubernetes

First seen on scworld.com Jump to article: www.scworld.com/news/nutanix-sharpens-focus-on-modern-workloads-with-pure-storage-partnership-kubernetes-expansion-and-agentic-ai-advancements
Nutanix escapes the datacentre with Cloud Native AOS

May 8, 2025 1:10 PM

Tags: cloud, infrastructure, kubernetes

Hyper-converged infrastructure provider offers its operating system independently of a hypervisor to allow containerised apps to run at the edge or on Kubernetes runtimes in the Amazon cloud First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623721/Nutanix-escapes-the-datacentre-with-Cloud-Native-AOS
Helm Charts Flaw Could Let Hackers Access Kubernetes Clusters, Microsoft Finds

May 6, 2025 9:50 PM

Tags: access, attack, data, flaw, hacker, kubernetes, leak, microsoft, risk

Default Helm charts for Kubernetes may expose clusters to attacks, Microsoft warns. Misconfigurations risk data leaks, code execution, and takeovers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/microsoft-helm-charts-kubernetes-clusters/
Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

May 6, 2025 4:50 PM

Tags: apache, cloud, cyber, cybersecurity, data, kubernetes, leak, microsoft, risk

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default Helm charts and Kubernetes deployment templates, revealing that popular cloud-native applications like Apache Pinot, Meshery, and Selenium Grid are being deployed with critical security gaps. These misconfigurations-often prioritizing convenience over protection-allow attackers to hijack databases, execute arbitrary code, and gain…
Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

May 6, 2025 1:50 PM

Tags: cloud, data, data-breach, kubernetes, leak, microsoft

Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data.”While these ‘plug-and-play’ options greatly simplify the setup process, they often prioritize ease of use over security,” Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team First…
Redefining Application Security: Imperva’s Vision for the Future

May 6, 2025 5:53 AM

Tags: api, application-security, computing, kubernetes

It’s no secret that web applications have undergone a significant transformation over the past few years. The widespread adoption of containerization, serverless computing, low-code development, APIs, and microservices has redefined how applications are built, deployed, and scaled. According to Statista, over 60% of organizations now use Kubernetes to manage their containerized workloads. Meanwhile, security remains……
Microsoft finds default Kubernetes Helm charts can expose data

May 5, 2025 9:50 PM

Tags: data, kubernetes, microsoft, risk

Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-finds-default-kubernetes-helm-charts-can-expose-data/
Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More

May 2, 2025 6:50 PM

Tags: access, ai, attack, authentication, best-practice, breach, business, cisa, ciso, cloud, computer, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, exploit, firewall, flaw, framework, government, guide, hacker, iam, identity, incident, incident response, infrastructure, injection, international, Internet, iot, kubernetes, login, mfa, microsoft, mitigation, mitre, network, nist, open-source, organized, password, phishing, programming, RedTeam, risk, risk-management, sbom, service, software, sql, supply-chain, tactics, technology, threat, tool, unauthorized, update, usa, vulnerability, vulnerability-management, windows, xss, zero-day

In this special edition of the Cybersecurity Snapshot, we’re highlighting some of the most valuable guidance offered by the U.S. Cybersecurity and Infrastructure Security Agency in the past 12 months. Check out best practices, recommendations and insights on protecting your cloud environments, OT systems, software development processes and more. In case you missed it, here’s…
Kubernetes Resource Optimization Best Practices with Goldilocks

May 1, 2025 9:50 PM

Tags: best-practice, cloud, kubernetes, open-source, risk, service
CNAPP-Kaufratgeber

Apr 30, 2025 6:56 AM

Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware