Security news aggregator

Latest coverage for Kubernetes

Stay informed on Kubernetes security with the latest updates, tips, and best practices for protecting your containerized environments.

111 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Kubernetes is an open-source container orchestration system designed to automate the deployment, scaling, and management of containerized applications. Originating from Google, it has become a significant platform for simplifying cloud, hybrid, and multi-cloud environment management, greatly impacting scalability and efficiency for organizations deploying applications.

In the context of information security, Kubernetes plays a critical role. It brings a set of security challenges and concerns due to its dynamic and distributed architecture. Security within Kubernetes involves safeguarding the containerized applications, the underlying infrastructure, the Kubernetes orchestration mechanisms, and the communication between different components. This includes managing access controls, implementing network policies, securing the container supply chain, and performing regular vulnerability assessments of the containers and the host system. As containers are ephemeral and can be rapidly deployed and terminated, security strategies must adapt to this agility without hindering the benefits Kubernetes provides.

For organizations leveraging Kubernetes, maintaining comprehensive security practices is essential to protect against threats such as unauthorized access, data breaches, and potential service disruptions. Hence, continuous attention to security configurations, timely updates and patches, and the integration of security tools that cater to Kubernetes environments are vital for maintaining robust security postures.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 111 Filtered view

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms. The post Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft appeared first on Microsoft Security Blog.

More from Microsoft Security Research 21 May 2026, 5:48 a.m. Incident · 8 stories Amazon Web Services Automation Compromise Credentials Github Kubernetes Linux Malware Microsoft Node.js Theft

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps appeared first on Microsoft Security Blog.

More from Microsoft Security Research 15 May 2026, 2:20 a.m. Artificial Intelligence Authentication Cloud Exposure Kubernetes Leak Microsoft Misconfiguration Remote Code Execution Threat Actor Vulnerability

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor

More from The Hacker News 25 Mar 2026, 7:21 a.m. Backdoor Compromise Credentials Kubernetes Lateral Movement Python Threat Actor

Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…

More from The Register 7 Jan 2026, 1:17 p.m. Bug Bounty DoS Fixed Flaw Kubernetes Open Source Reward

The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with

More from The Hacker News 12 Sep 2025, 8:00 p.m. Adoption Cloud Containers Kubernetes Serverless
Bank Info Security 9 months, 1 week ago

Okta to Purchase Axiom Security to Bolster Privileged Access

Just-in-Time, Database, Kubernetes Access Fuel Privileged Access Startup M&ABy acquiring startup Axiom Security, Okta aims to enhance privileged access by offering broader coverage of sensitive assets like Kubernetes containers and databases. The company says the move accelerates value delivery and complements Okta's existing privileged access capabilities.

More from Bank Info Security 27 Aug 2025, 10:30 a.m. Containers Database Kubernetes Okta Startup