Articles tagged with: #k8s
New AWS whitepaper: Security Overview of Amazon EKS Auto Mode

AWS Security Blog aws.amazon.com

Amazon Web Services (AWS) has released a new whitepaper: Security Overview of Amazon EKS Auto Mode, providing customers with an in-depth look at the architecture, built-in security features, and capabilities of Amazon Elastic Kubernetes Service (Amazon EKS) Auto Mode. The whitepaper covers the core security principles of Amazon EKS Auto Mode, highlighting its unique approach

ML Models in Production: The Security Gap We Keep Running Into

cybersecurity www.reddit.com

Hey r/cybersecurity, I've been working with organizations deploying ML models to Kubernetes, and there's a massive security gap that doesn't get enough attention. Most teams are treating models like they're just another application when they're fundamentally different from a security perspective. The Problem: Most orgs have solid security for their traditional apps - container scanning, RBAC, the works. But ML models? They're a different beast entirely: Models aren't just code - They're 5-50GB...

trivy alternative

cybersecurity www.reddit.com

Trivy is good, but it's done by horrible people. Since we don't want to support that, what can we use? Something that scans: Terraform, Dockerfiles, Docker images, k8s clusters. submitted by /u/m0jo-r0jo

Which compliance frameworks best represent secure coding, IaC controls, and developer skills on OWASP Top 10?

cybersecurity www.reddit.com

I'm currently exploring how to map and measure security practices across three areas: secure code controls (static analysis, secure coding guidelines, etc.); Infrastructure-as-Code security (Terraform, Kubernetes, cloud-native IaC scanning); and developer skills and awareness around the OWASP Top 10. My goal is to identify which compliance or maturity frameworks are most relevant for representing these domains in a structured way. For example, should I look at NIST SSDF, ISO 27001, SOC 2, CIS...

Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster

Cyber Security News cybersecuritynews.com

Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault injection testing in Kubernetes environments. The security flaws, collectively dubbed "Chaotic Deputy," comprise four CVEs that enable complete cluster compromise through relatively simple exploitation techniques. Key Takeaways: 1. "Chaotic Deputy" in Chaos Mesh <2.7.3 allows unauthenticated GraphQL

Kubernetes C# Client Vulnerability Exposes API Server Communication To MiTM Attack

Cyber Security News cybersecuritynews.com

A medium-severity vulnerability has been discovered in the official Kubernetes C# client, which could allow an attacker to intercept and manipulate sensitive communications. The flaw, rated 6.8 on the CVSS scale, stems from improper certificate validation logic. This weakness exposes applications using the client to Man-in-the-Middle (MiTM) attacks, potentially leading to the compromise of credentials,

Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage

The Hacker News thehackernews.com

The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can't keep up with. As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid

New Attack Technique That Enables Attackers To Exfiltrate Git Credentials In Argocd

Cyber Security News cybersecuritynews.com

A newly disclosed attack technique enables authenticated users within the popular GitOps tool ArgoCD to exfiltrate powerful Git credentials. The method, discovered by the cybersecurity research group Future Sight, exploits Kubernetes' internal DNS resolution to intercept credentials in transit, posing a significant risk to organizations relying on the continuous delivery tool. ArgoCD, a leading project

Isn't Kubernetes enough from security point of view?

cybersecurity www.reddit.com

Many devs ask me: 'Isn't Kubernetes enough?' I have done the research and have put my thoughts below, and thought of sharing them here for everyone's benefit. Would love your thoughts! This 5-min visual explainer https://youtu.be/HklwECGXoHw shows why we still need API Gateways + Istio - using a fun airport analogy.

KubeGuard: LLM-Assisted Kubernetes Hardening via Configuration Files and Runtime Logs Analysis

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.04191v1. Abstract: The widespread adoption of Kubernetes (K8s) for orchestrating cloud-native applications has introduced significant security challenges, such as misconfigured resources and overly permissive configurations. Failing to address these issues can result in unauthorized access, privilege escalation, and lateral movement within clusters. Most existing K8s security solutions focus on detecting misconfigurations, typically through static analysis or...

AccuKnox Awarded Patent for Runtime Security of Kernel Events

Cyber Security News cybersecuritynews.com

AccuKnox, a leader in Zero Trust Kubernetes and cloud-native security solutions, has been issued a patent (US Patent #12,242,629) by the U.S. Patent and Trademark Office for the breakthrough technology in Runtime Security of Kernel-Level Events. This innovation delivers real-time detection, prevention, and remediation of anomalous kernel activity. The patented

Kubernetes Security: Best Practices to Protect Your Cluster

cybersecurity www.reddit.com

Hi everyone! I wrote an article about Kubernetes Security Best Practices. It's a compilation of my experiences creating a Kubernetes Security plugin for JetBrains IDE. I hope you find it useful. Feedback is very welcome, as I am a beginner tech blogger. submitted by /u/NordCoderd

Critical Namespace Injection Vulnerability in Kubernetes Capsule Let Attackers Inject Arbitrary Labels

Cyber Security News cybersecuritynews.com

A critical security vulnerability has been identified in Kubernetes Capsule v0.10.3 and earlier versions, allowing authenticated tenant users to inject arbitrary labels into system namespaces and bypass multi-tenant isolation controls. The vulnerability, tracked as GHSA-fcpm-6mxq-m5vv, was disclosed by security researcher Oliverbaehler and represents a significant threat to organizations relying on Capsule for Kubernetes multi-tenancy. Key