kubernetes security

Microsoft has published a Security Update Guide entry for CVE-2026-26135, describing an Elevation of Privilege issue in the Azure Custom Locations Resource Provider. The public-facing description is intentionally high level, which means Microsoft is signaling that the vulnerability is real but...

CoreDNS has been assigned CVE-2026-26018 — a high-severity denial-of-service vulnerability in the loop plugin that can be triggered remotely by an attacker who can send carefully crafted DNS queries and (under realistic cluster conditions) crash the CoreDNS process, with wide-reaching...

A half‑blind Server‑Side Request Forgery (SSRF) has been disclosed in the Kubernetes kube‑controller‑manager that specifically affects clusters using the in‑tree Portworx StorageClass; the flaw can be triggered by any actor who can create pods that request Portworx volumes and can leak data from...

A subtle race condition in Kubernetes namespace termination has been assigned CVE-2024-7598 and exposes a short but real window in which a malicious or compromised pod can bypass NetworkPolicy-enforced restrictions during namespace deletion. Background Kubernetes namespaces are logical...

KubeVirt maintainers disclosed a privilege-management flaw, tracked as CVE-2025-64436, where excessive permissions granted to the virt-handler service account could be abused to force Virtual Machine Instance (VMI) migrations or otherwise concentrate VM workloads on attacker-controlled nodes — a...

KubeVirt’s latest vulnerability, tracked as CVE-2025-64433, breaks a core assumption in virtualized Kubernetes environments: that a guest VM cannot read arbitrary files from the node or the container that launched it. The flaw allows a VM to read arbitrary files from its virt-launcher pod by...

A stack-buffer overflow in Fluent Bit’s Docker input plugin has been cataloged as CVE-2025-12970, and it’s the kind of flaw that turns a seemingly innocuous container name into a potential foothold for attackers. The vulnerability stems from the in_docker plugin’s extract_name routine copying...

When it comes to managing containerized applications with Kubernetes, few skills are as universally valuable yet seemingly arcane as learning how to SSH into a Kubernetes pod. While Kubernetes was designed with abstraction and orchestration in mind—rarely assuming direct server access would be...

Cybersecurity researchers have recently uncovered a sophisticated attack technique that exploits misconfigured Microsoft Azure Arc deployments, enabling adversaries to escalate privileges from cloud environments to on-premises systems and maintain persistent access within enterprise...

Across modern enterprise IT, the accelerating shift to hybrid and cloud environments has thrown a sharp spotlight on a long-standing security conundrum: how to manage identity and access not just for human users, but for the multitude of non-human workloads—applications, services, scripts, and...

In today’s increasingly complex cybersecurity landscape, enterprises are racing against time to identify, analyze, and respond to threats across heterogeneous IT environments. SUSE Security’s new integration with Microsoft Sentinel—and its powerful augmentation through Microsoft Security...

At the heart of a modern enterprise's cybersecurity strategy lies the need to adapt to a constantly evolving digital threat landscape. As businesses shift more of their infrastructure and workloads to the public cloud, and as attackers adapt their methods to exploit this changing environment...

The landscape of enterprise security is changing rapidly, facing relentless waves of increasingly complex cyber threats and a continuously evolving range of attack surfaces. In an era defined by cloud transformation, hybrid computing, and the rise of containerized workloads, traditional security...