< ciso brief />

All news with #kubernetes security tag


Critical Chaotic Deputy Bugs Risk Kubernetes Cluster Takeover

🔴 Researchers from JFrog disclosed critical command-injection vulnerabilities in Chaos-Mesh (tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361, and CVE-2025-59359) that allow an attacker with access to an unprivileged pod to execute shell commands via an exposed GraphQL API and the Chaos Daemon. Three of the flaws carry a CVSS score of 9.8 and can be exploited in default deployments, enabling denial-of-service or full cluster takeover. Users are advised to upgrade to Chaos-Mesh 2.7.3 or to disable the chaosctl tool and its port via the Helm chart as a workaround.

Amazon EKS Adds Community Add-Ons Catalog for GovCloud

🔒 Amazon EKS now offers a curated catalog of community add-ons for AWS GovCloud (US) Regions. The catalog includes popular open-source components such as metrics-server, kube-state-metrics, cert-manager, prometheus-node-exporter, fluent-bit, and external-dns, all packaged, scanned, and validated for compatibility by EKS. Container images are hosted in an EKS-owned private ECR repository, and you can install and manage add-ons via the EKS Console, API, CLI, eksctl, or infrastructure-as-code tools like AWS CloudFormation.

Chaos Mesh Flaws Enable Cluster Takeover via GraphQL

⚠️ Security researchers disclosed multiple critical vulnerabilities in Chaos Mesh that allow minimally privileged in-cluster actors to execute fault injections and potentially take over Kubernetes clusters. The issues, grouped as Chaotic Deputy, include an unauthenticated GraphQL debugging endpoint and several operating-system command-injection flaws (CVE-2025-59358 through CVE-2025-59361). Chaos Mesh released a remediation in 2.7.3; administrators should patch immediately or restrict access to the daemon and API server if they cannot upgrade.

Azure Kubernetes Service Automatic: Simplified AKS for All

🚀 AKS Automatic is now generally available, delivering a fully managed, opinionated Kubernetes experience with production-ready defaults and automated day-two operations. It removes infrastructure toil—automatic node provisioning, scaling, patching, and repairs—while enabling intelligent autoscaling with HPA, VPA, KEDA and Karpenter. Developers retain the full Kubernetes API and toolchain and gain GPU and AI workload optimizations.

Runtime Visibility Reshapes Cloud-Native Security in 2025

🛡️ The shift to containers, Kubernetes, and serverless has made runtime visibility the new center of gravity for cloud-native security. CNAPPs that consolidate detection, posture, and response are essential, but observing active workloads distinguishes theoretical risk from live exposure. AI-driven correlation and automated triage reduce false positives and accelerate remediation. Vendors such as Sysdig stress mapping findings back to ownership and source code to drive accountable fixes.

GKE Turns Ten: New Pricing, Autopilot Enhancements

🎉 Google marks the tenth anniversary of Google Kubernetes Engine (GKE) by simplifying pricing and expanding capabilities. Starting September 2025, GKE moves to a single paid tier, GKE Standard, which includes multi-cluster features such as Fleets, Teams, Config Management, and Policy Controller at no extra cost, with additional capabilities available à la carte. Google is also making Autopilot toggleable per cluster and per workload and promoting a container-optimized compute platform designed to increase efficiency and performance for AI and large-scale services.

Amazon EKS adds namespace configuration for add-ons

🔧 Amazon Elastic Kubernetes Service (Amazon EKS) now allows you to select a custom Kubernetes namespace when installing both AWS and Community add-ons, giving operators finer control over object organization and isolation within clusters. You can install add-ons into a chosen namespace via the AWS Console, EKS APIs, AWS CLI, or infrastructure-as-code tools like CloudFormation. Note that to move an installed add-on to a different namespace you must remove and recreate it. This capability is available in all commercial AWS Regions.

Android pKVM Achieves SESIP Level 5 Certification Milestone

🔒 Google announced that protected KVM (pKVM) has achieved SESIP Level 5 certification, making it the first software security system for large-scale consumer electronics to reach this assurance level. The certification followed a hands-on evaluation by Dekra under the TrustCB SESIP scheme compliant with EN-17927 and includes AVA_VAN.5 vulnerability analysis. pKVM will enable high-criticality isolated workloads such as on-device AI and provides an open-source, verifiable foundation for device manufacturers.

Microsoft Named Leader in 2025 Container Management

🚀 Microsoft announced it was recognized as a Leader in the 2025 Gartner Magic Quadrant for Container Management, reflecting the scope and customer impact of its container portfolio. Azure Kubernetes Service (AKS), Azure Container Apps, and hybrid/multicloud capabilities with Azure Arc are highlighted for developer productivity, operational simplicity, and AI readiness. The company emphasized developer tooling like AKS Automatic (preview), Azure Developer CLI, and GitHub Copilot, plus integrated security through Microsoft Defender for Containers and Azure Policy. Customer examples such as ChatGPT, Telefônica Brasil, Coca‑Cola, Hexagon, and Delta Dental illustrate real-world outcomes.