Kubernetes News Articles

The one with Ross and the critical Kubernetes vulnerability

Some 4,500 Kubernetes clusters are exposed to remote exploitation due to "IngressNightmare" and CVE-2025-1974. A working exploit is available.

3 days ago

Kubernetes IngressNightmare Vulnerabilities | CrowdStrike

Learn how CrowdStrike's security solutions can help identify vulnerable K8s clusters and detect potential exploitation attempts.

3 days ago

PoC Exploit Released for Ingress-NGINX RCE Vulnerabilities

A recently disclosed vulnerability in Ingress-NGINX, tracked as CVE-2025-1974, has raised concerns about the security of Kubernetes environments.

1 week ago

IngressNightmare: Critical Kubernetes Flaws Put 6,500+ Clusters At Risk

Five critical security vulnerabilities have been found in the Ingress NGINX Controller for Kubernetes, potentially enabling unauthenticated remote code

1 week ago

String of defects in popular Kubernetes component puts 40% of cloud environments at risk

Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.

1 week ago

Kubernetes Patch: 43% of Clusters Face Remote Takeover Risk

Critical vulnerabilities in Ingress Nginx Controller - a widely used component of the popular Kubernetes container management system - need immediate patching to

1 week ago

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover - Help Net Security

"IngressNightmare" vulnerabilities affecting Ingress NGINX Controller for Kubernetes that may be used to take over Kubernetes clusters.

1 week ago

IngressNightmare - Critical RCE Vulnerabilities Expose Kubernetes Clusters

Critical RCE Vulnerabilities Discovered in Kubernetes Ingress-NGINX: Over 40% of Cloud Environments at Risk

1 week ago

Ingress NGINX RCE Vulnerability Allows Attackers to Compromise Entire Cluster

A series of remote code execution (RCE) vulnerabilities known as "IngressNightmare" have been discovered in the Ingress NGINX Controller for Kubernetes.

1 week ago

Critical vulnerabilities put Kubernetes environments in jeopardy

Wiz researchers warned that several CVEs in Ingress NGINX Controller for Kubernetes make nearly half of all cloud environments at risk of takeover.

1 week ago

Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog

Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.

1 week ago

Kubernetes affected by CVE-2024-10220 Flaw

A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. The vulnerability tracked as CVE-2024-10220 with a CVSS score of 8.1, affects Kubernetes clusters running specific versions of kubelet. The v...

Kubernetes Image Builder Vulnerability: CVE-2024-9486 Risk

The Kubernetes Image Builder vulnerability (CVE-2024-9486) poses a critical security threat.

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

Critical Kubernetes Image Builder vulnerability CVE-2024-9486 patched to prevent root access via default credentials.

Critical Kubernetes Image Builder bug allows SSH root access

A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default credentials being enabled during the image build process. Image Builder is a tool...

Critical Kubernetes Image Builder flaw gives SSH root access to VMs

A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project.

Kubernetes Image Builder Flaw Let Attackers Gain Root Access to VMs

The Kubernetes Security Response Committee has disclosed two critical vulnerabilities in the Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs).

Kubernetes CVE for Windows 2023 | CVE-2023-5528

This is the second Kubernetes CVE on Windows endpoints related to storage variables this year; though rated high, this has a low probability of impact

CVE-2023-5528: ваш кластер Kubernetes подвержен удалённому выполнению кода

Обновите свои системы, пока не стало слишком поздно.

Kubernetes CVE for Windows 2023 | CVE-2023-5528

This is the second Kubernetes CVE on Windows endpoints related to storage variables this year; though rated high, this has a low probability of impact

CVE-2023-5528: Kubernetes Flaw Jeopardizing Windows Node That Can't Be Ignored

CVE-2023-5528: Kubernetes Flaw Jeopardizing Windows Node That Can't Be Ignored - Vulnerabilities - Information Security Newspaper | Hacking News

Kubernetes Vulnerability allows Hackers to Execute Remote Code with SYSTEM Privileges

A high-severity remote code execution vulnerability, CVE-2023-5528, was found in Kubernetes, impacting Windows nodes. Exploiting this flaw requires malicious YAML files, allowing threat actors to take over the cluster. The vulnerability, present in versions before 1.28.4, is linked to insecure funct...

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

A high-severity flaw in Kubernetes, CVE-2023-5528, has been patched. This vulnerability allowed attackers remote code execution with SYSTEM privileges

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

A high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints.

Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

Attackers can remotely execute code with System privileges by exploiting a vulnerability in the source code of the open-source container management system.

Kubernetes Windows Nodes Vulnerability Let Attacks Gain Admin Privileges

This new vulnerability is based on 3 main things of Kubernetes such as Windows nodes Kubernetes, in-tree plugins, CSI, & persistent volumes.