⚙ A Brief Deep-Dive into Attacking and Defending Kubernetes
This article covers Kubernetes attack and defense techniques. Explores Kubernetes components (API Server, ETCD, kubelet), attack vectors including unauthenticated API access, RBAC misconfigurations, ServiceAccount token abuse, malicious admission controllers, CoreDNS poisoning, writable volume mounts, ETCD compromise, and certificate authority exploitation.
https://heilancoos.github.io/research/2025/12/16/kubernetes.html
#kubernetes
This article covers Kubernetes attack and defense techniques. Explores Kubernetes components (API Server, ETCD, kubelet), attack vectors including unauthenticated API access, RBAC misconfigurations, ServiceAccount token abuse, malicious admission controllers, CoreDNS poisoning, writable volume mounts, ETCD compromise, and certificate authority exploitation.
https://heilancoos.github.io/research/2025/12/16/kubernetes.html
#kubernetes
❤1👍1🔥1
⚙ Kubernetes v1.35: Restricting executables invoked by kubeconfigs via exec plugin allowList added to kuberc
Kubernetes v1.35 introduces beta support for restricting credential plugin executables via kuberc configuration. Users can set "credentialPluginPolicy" to AllowAll, DenyAll, or Allowlist, with an optional "credentialPluginAllowlist" to specify permitted binaries, enhancing security against supply-chain attacks.
https://kubernetes.io/blog/2026/01/09/kubernetes-v1-35-kuberc-credential-plugin-allowlist/
#kubernetes
Kubernetes v1.35 introduces beta support for restricting credential plugin executables via kuberc configuration. Users can set "credentialPluginPolicy" to AllowAll, DenyAll, or Allowlist, with an optional "credentialPluginAllowlist" to specify permitted binaries, enhancing security against supply-chain attacks.
https://kubernetes.io/blog/2026/01/09/kubernetes-v1-35-kuberc-credential-plugin-allowlist/
#kubernetes
❤1👍1🔥1
Kubernetes 1.35 introduces beta support for CSI drivers to receive service account tokens via the "secrets" field instead of "volume_context", preventing accidental token logging.
https://kubernetes.io/blog/2026/01/07/kubernetes-v1-35-csi-sa-tokens-secrets-field-beta/
#kubernetes
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1
🔶 CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories, including the JavaScript SDK powering the AWS Console.
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
#aws
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories, including the JavaScript SDK powering the AWS Console.
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
#aws
❤1👍1🔥1
Microsoft Defender for Identity now allows linking multiple accounts to a single identity, by correlating accounts from different identity providers or linking distinct user accounts, crucial for incident response and remediation.
https://www.cloud-architekt.net/linking-privileged-accounts-in-defender/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
Microsoft Defender introduces AI Security Posture Management for multi-cloud environments, providing visibility and contextual risk assessment across AI agent architectures. It identifies agents connected to sensitive data, susceptible to indirect prompt injection attacks, and operating as coordinators, while offering attack path analysis and actionable hardening recommendations.
https://www.microsoft.com/en-us/security/blog/2026/01/21/new-era-of-agents-new-era-of-posture/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
⚙ Running Renovate as a GitHub Action (and NO PAT!)
A post explaining how you can run Renovate as a GitHub Action without needing a GitHub Personal Access Token by using Octo STS.
https://www.chainguard.dev/unchained/running-renovate-as-a-github-action
#cicd
A post explaining how you can run Renovate as a GitHub Action without needing a GitHub Personal Access Token by using Octo STS.
https://www.chainguard.dev/unchained/running-renovate-as-a-github-action
#cicd
❤2👍1🔥1
An authorization bypass in Kubernetes RBAC allows for nodes/proxy GET permissions to execute commands in any Pod in the cluster.
https://grahamhelton.com/blog/nodes-proxy-rce
(Use VPN to open from Russia)
#kubernetes
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥3❤1👍1
Block's BinauthZ plugin extends their OPA-based admission controller to cryptographically verify container image signatures and attestations at Kubernetes admission time, enforcing SLSA using Sigstore/cosign with AWS KMS.
https://engineering.block.xyz/blog/kube-policies-binauthz-closing-the-supply-chain-gap-in-kubernetes
#kubernetes
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
⚙ We should all be using dependency cooldowns
Dependency cooldowns delay automatic dependency updates, providing a free and effective mitigation against most open source supply chain attacks. Tools like Dependabot and Renovate support configurable cooldown periods before adopting new dependency versions.
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
(Use VPN to open from Russia)
#cicd
Dependency cooldowns delay automatic dependency updates, providing a free and effective mitigation against most open source supply chain attacks. Tools like Dependabot and Renovate support configurable cooldown periods before adopting new dependency versions.
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
(Use VPN to open from Russia)
#cicd
❤2👍1🔥1
This post details a method for stealing Salesforce OAuth tokens by exploiting an XSS vulnerability and leveraging the Cloudflare Web Application Firewall (WAF).
https://castilho.sh/salesforce-oauth-ato
#saas
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1
Block's AI engineering approach includes: 95% of engineers using AI assistants, providing freedom to explore multiple tools, launching an AI Champions program focused on repo readiness and context engineering, implementing automated PRs, and planning team-based workshops for multi-agent workflows.
https://engineering.block.xyz/blog/ai-assisted-development-at-block
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
Mature enterprises lock down egress but often carve out broad exceptions for trusted cloud services. This post shows how reviewing deployment guides can help identify those exceptions and weaponize them with a new Mythic C2 profile called azureBlob.
https://specterops.io/blog/2026/01/30/weaponizing-whitelists-an-azure-blob-storage-mythic-c2-profile/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔴 Google Looker RCE vulnerabilities: Patch now
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance.
https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout
#gcp
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance.
https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout
#gcp
❤2🔥2👍1
Find out more about how passkeys can be used across devices using a mechanism called Hybrid transport.
https://bughunters.google.com/blog/passkeys
#iam
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
This article introduces Slack's Anomaly Event Response (AER), an automated security system that detects suspicious activities and terminates user sessions in real-time, reducing detection-to-response gaps from hours to minutes.
https://slack.engineering/building-slacks-anomaly-event-response/
#monitor
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
The fastest-growing personal AI agent ecosystem just became a new delivery channel for malware. Over the last few days, VirusTotal has detected hundreds of OpenClaw skills that are actively malicious.
https://blog.virustotal.com/2026/02/from-automation-to-infection-how.html
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
A practical workflow for threat modeling agentic AI systems: use a five-zone navigation lens to trace attack paths, formalize them as attack trees, and map to OWASP's threat taxonomy and playbooks.
https://christian-schneider.net/blog/threat-modeling-agentic-ai/
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
👏3❤1👍1
This white paper examines the risks and attack vectors inherent in hybrid multi-cloud infrastructures, and analyzes various attack paths observed by Mandiant in real-world multi-cloud scenarios.
#iam
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1