A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 and informally referred to as MongoBleed, allows unauthenticated remote attackers to leak uninitialized memory from a MongoDB server. A public proof-of-concept exploit is already available, significantly increasing the risk for exposed MongoDB deployments.
This blog explains how the vulnerability works, what is required to exploit it, and how to identify exposure and detect exploitation attempts at runtime.
CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by attacker to steal secret credentials from K8s cluster.
Three security issues were reported on October 27th by the Kubernetes security community, all of them related to the popular NGINX ingress component.
Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.
Grafana Labs published a security advisory for a new critical vulnerability in its open-source product. The vulnerability, marked as CVE-2022-39328, enables attackers to bypass authorization on arbitrary service endpoints.
ARMO have open sourced yet another important component – Kubescape operator. This operator can be installed in-cluster using Helm, and is responsible, for the continuous configurations and image vulnerability scanning, among other nifty capabilities you should check out. From today, users can access the code of all of the Kubescape components, review it, open issues, start discussions, and contribute to it.
Kubescape now fully supports the Open API framework through Swagger. This means Kubescape users can now leverage services through openly available APIs everywhere and anywhere. Users can call Kubescape functions using APIs – they can operate, view and consume wherever they are, whenever they need it without leaving their preferred tool, platform or environment. Some of the common functions available: create an account, run a Kubescape scan, get results, export results, and more. It is updated on a daily basis and you will always have the latest APIs available.
Kubescape is now an independent open source project (moved out of the ARMO organization), and has been officially donated to the community, to democratize contribution. Kubescape welcomes external maintainers to take a meaningful part in helping to lead and maintain this community-born and maintained project and will abide by the standards of open source governance processes and guidelines (e.g. community governance body, monthly community meetings, regular maintainers meetings, and whatever else the community would like to see.)
There are so many different Frameworks to use when it comes to Kubernetes security and compliance - CIS, NIST, NSA&CISA, PCI.
which one is good for you? and why?
in this article i'm trying to cover the main frameworks in the market and compare between them.
i'm happy to here your thoughts
well, this is probably the reason why the adoption rate of K8s is so high? and why so many organizations are using it or going to use it as their "operating system" of cloud native environments?
A new HIGH severity vulnerability was found in Kubernetes in which users may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. The issue is affecting the Kubelet component of Kubernetes. This vulnerability allows attackers to abuse subPath property of the volumeMounts and access the entire host file system without using the hostPath feature originally intended for this capability.
You have probably heard of Kubernetes role-based access control (RBAC). In this article, Amir Kashaunsky, ARMO VP Product, will walk you through this method so that in the end, you will be able to determine whether RBAC is something you need to worry about, and if so, what you should do about it.
You can also run Kubescape against Kubernetes manifests which is a great way to stop violations before the resources are deployed to a Kubernetes cluster. The output is identical as scanning a running Kubernetes cluster as seen above
This blog explains how the vulnerability works, what is required to exploit it, and how to identify exposure and detect exploitation attempts at runtime.