#kubernetes

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political

## Summary Cross-namespace Secret access vulnerability in DiscoveryServiceCertificate allows users to bypass RBAC and access Secrets in unauthorized namespaces. ## Affected Versions All versions prior to v0.13.4 ## Patched Versions v0.13.4 and later ## Impact Users with permission to create DiscoveryServiceCertificate resources in one namespace can indirectly read Secrets from other namespaces, completely bypassing Kubernetes RBAC security boundaries. ## Workarounds Restrict DiscoveryServiceCertificate create permissions to cluster administrators only until patched version is deployed. ## Credit Thanks to @debuggerchen for the responsible disclosure.

Tel Aviv, Israel, 29th October 2025, CyberNewsWire

### Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the [secure persistent volume](https://docs.edgeless.systems/contrast/howto/encrypted-storage) feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is (a) not authenticated and (b) supports null key-encryption algorithms, allowing an attacker to create a volume such that the volume: - Opens (cryptsetup open) without error using any passphrase or token - Records all writes in plaintext (or ciphertext with an attacker-known key) ### Details Contrast uses cryptsetup to setup secure persistent volumes, using the secret seed as key for the cryptsetup encryption. To do so the Contrast Initializer will invoke the `cryptsetup` CLI. If the device provided by Kubernetes is a identified as cryptsetup device, the Initializer assumes a pod restart happened and the device was previously encrypted with the secret seed. The Initia...

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,

### Impact **Note: The exploitation of this issue requires that the malicious user have access to Rancher’s audit log storage.** A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs. This happens in two different ways: 1. Secret Annotation Leakage: When creating Kubernetes Secrets using the `stringData` field, the cleartext value is embedded in the `kubectl.kubernetes.io/last-applied-configuration` annotation. This annotation is included in Rancher audit logs within both the request and response bodies, exposing secret material that should be redacted. 2. Cluster Registration Token Leakage: During the import or creation of downstream clusters (Custom, Imported, or Harvester), Rancher audit logs record full cluster registration manifests and tokens, including: a. Non-expiring import URLs such as `/v3/import/<token>_c-m-xxxx.yam...

### Impact This is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Although the web UI required a valid JWT for access, the API itself remained exposed to direct requests without any authentication checks. Any user or entity with network access to the Karmada Dashboard service could exploit this vulnerability to retrieve sensitive data. ### Patches The issue has been fixed in Karmada Dashboard v0.2.0. This release enforces authentication for all API endpoints. Users are strongly advised to upgrade to version v0.2.0 or later as soon as possible. ### Workarounds If upgrading is not immediately feasible, users can mitigate the risk by: - Restricting network access to the Karmada Dashboard service using Kubernetes Network Policies, firewall rules, or ingress con...

### Impact NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. In the patched version, NeuVector leverages the Kubernetes secret `neuvector-store-secret` in `neuvector` namespace to dynamically generate cryptographically secure random keys. This approach removes the reliance on static key values and ensures that encryption keys are managed securely within Kubernetes. During rolling upgrade or restoring from persistent storage, the NeuVector controller checks each encrypted configured field. If a sensitive field in the configuration is found to be encrypted by the default encryption key, it’s decrypted with the default encryption key and then re-encrypted with the new dynamic encryption key. If the NeuVector controller does not have the correct RBAC for accessing the new secret, it writes this error log : `Requ...

An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. "This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other hand to be remotely

U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated nation-state threat actor," adding the adversary maintained long-term, persistent access to its network. The