K8s Vulnerabilities

Yet another reason why the xz backdoor is a sneaky b@$tard

(We are talking about the xz/liblzma backdoor identified as CVE-2024-3094.) Background: If you just woke...

Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

Read our update: Yet another reason why the xz backdoor is a sneaky b@$tard On...

Kubernetes Vulnerabilities Roundup 2023

Kubernetes vulnerabilities: 2023 roundup

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software...

Under the hood of CVE patching

Addressing Common Vulnerabilities and Exposures, known as CVE patching, is the practice of applying updates...

Three new NGINX ingress controller vulnerabilities reported and how they affect Kubernetes

CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by an attacker to steal secret credentials from the...

CVE-2023-3676

Kubelet vulnerabilities on Windows nodes: CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893

Kubernetes security: three new interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes...

CVE-2022-47633

CVE-2022-47633: Kyverno’s container image signature verification can be bypassed by a malicious registry or proxy

Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container...

2022 Kubernetes Vulnerabilities – Main Takeaways

All the main K8s vulnerabilities from 2022 consolidated into one article. Read all about it...

CVE-2022-39328: Unauthorized access to arbitrary endpoints in Grafana codebase

Grafana Labs published a security advisory for a new critical vulnerability in its open-source product...

Upcoming Critical OpenSSL Vulnerability

This blog covers a developing story and it will be updated as new information and...

CVE-2022-3172 – kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API...

CVE-2022-23648 – Arbitrary Host File Access from containers launched by containerd CRI and its impact on Kubernetes

A recently discovered vulnerability – CVE-2022-23648 – in containerd, a popular container runtime, allows especially containers...