Security news aggregator

Latest coverage for Kubernetes

Kubernetes is an open-source system for managing containers, where misconfigurations and vulnerabilities can expose workloads, secrets, and clusters.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Kubernetes is an open-source platform that automates deploying, scaling, and updating containerized applications across a cluster of machines. It maintains the desired state of workloads, while its control plane assigns work to nodes and manages networking, storage, and service discovery.

Its security depends on several connected layers. The Kubernetes API is a high-value control surface: weak authentication, excessive RBAC permissions, or an exposed dashboard can allow unauthorized changes. Cluster state, including Kubernetes Secrets, is stored in etcd and should be access-controlled and encrypted at rest. Container images and deployment configurations require vulnerability review and trusted-source or admission controls; a privileged container or vulnerable node can increase the risk of escaping workload isolation. Network policies can restrict pod-to-pod communication, while version and node patching, audit logs, and tested access-revocation procedures support detection and response.

Volume over time

Weekly headline count for the current query.

Showing 10 most recent headlines Filtered view

Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…

How many K8s systems are sat on the internet front porch like that ... Oh, thousands, apparently Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and thinks more than 6,000 deployments of the software are at risk on the internet.…

SYSTEM-level command injection via API parameter *chef's kiss* A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.…

Three vulnerabilities in one line of code AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.…