Overview
- kubernetes
- ingress-nginx
Description
Statistics
- 5 Posts
- 20 Interactions
Fediverse

Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!
Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.
It appears that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅
Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!
So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.
CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514
🔗 For more details about Ingress NGINX Controller for Kubernetes release https://vulnerability.circl.lu/bundle/84edafcd-42a7-4c30-96f8-87de8e73e1ab

Security researchers reveal critical vulnerabilities in Ingress #Nginx Controller for Kubernetes
The vulnerabilities are tracked as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, and when exploited, allow an attacker to take over a Kubernetes cluster
Administrators are advised to patch ASAP
#cybersecurity #vulnerabilitymanagement
https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

The fixes for the CVEs involved in #ingressnightmare are also kind of interesting:
* CVE-2025-1097 more quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/06c992abd8eef9710359a236c443c613d29fdfad
* CVE-2025-1098 more & moved quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/2e9f37380afb7853fa6daa1c3e6659550aadfd90
* CVE-2025-1974 various commented-out code, apparently tests?:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/0ccf4caaadec919680c455d221e53d97970d527d
* CVE-2025-24513 use a proper filepath type:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/cbc159094f6d1b1bf8cf1761eb119138d1f95df1
* CVE-2025-24514 more quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/ab470eb920924d62a197ebddd8a4cc3031a77ddf
Overview
Description
Statistics
- 6 Posts
Fediverse

Critical zero-day CVE-2024-3400 in Palo Alto GlobalProtect allows root code execution - patch now if using PAN-OS 10.2/11.0/11.1. Check logs for exploitation signs and rotate credentials if compromised. Details: https://redteamnews.com/exploit/cve/detecting-and-mitigating-cve-2024-3400-critical-zero-day-in-palo-alto-globalprotect/ #CVE-2024-3400

Critical zero-day exploit (CVE-2024-3400) in Palo Alto GlobalProtect firewalls allows remote code execution as root. Active exploitation observed—patch immediately if running PAN-OS 10.2, 11.0, or 11.1. Details: https://redteamnews.com/exploit/cve/critical-zero-day-exploit-in-palo-alto-globalprotect-firewalls-cve-2024-3400-actively-exploited/ #CVE-2024-3400

Critical zero-day CVE-2024-3400 in Palo Alto GlobalProtect allows root access - patch now if using PAN-OS 10.2/11.0/11.1. Check logs for unusual unmarshalling errors and watch for UPSTYLE malware. Details: https://redteamnews.com/exploit/cve/detecting-and-mitigating-cve-2024-3400-critical-zero-day-in-palo-alto-globalprotect/ #CVE-2024-3400

🚨 Critical alert: Palo Alto GlobalProtect firewalls under active attack via zero-day CVE-2024-3400 (CVSS 10.0). Threat actors executing remote code as root. Patch now or apply mitigations. Check logs for suspicious session IDs. #CVE-2024-3400 #cybersecurity https://redteamnews.com/exploit/cve/critical-zero-day-exploit-in-palo-alto-globalprotect-firewalls-cve-2024-3400-actively-exploited/

Critical zero-day CVE-2024-3400 in Palo Alto GlobalProtect allows root code execution - patch now! Active exploits observed since March. Check logs for suspicious activity and upgrade PAN-OS immediately. #CVE-2024-3400 Details: https://redteamnews.com/exploit/cve/detecting-and-mitigating-cve-2024-3400-critical-zero-day-in-palo-alto-globalprotect/

🚨 Critical alert: Palo Alto GlobalProtect firewalls under active attack via zero-day CVE-2024-3400 (CVSS 10.0). Threat actors executing code as root. Patch now or apply mitigations. Check logs for suspicious session IDs. #CVE-2024-3400 #cybersecurity https://redteamnews.com/exploit/cve/critical-zero-day-exploit-in-palo-alto-globalprotect-firewalls-cve-2024-3400-actively-exploited/
Overview
Description
Statistics
- 3 Posts
Fediverse

New analysis reveals Trojan.MSIL.SUPERNOVA.A's dangerous capabilities: dynamic code execution, memory-only web shells, and stealthy C2 traffic. Patch CVE-2020-10148 and monitor .NET assemblies. Details: https://redteamnews.com/blue-team/malware-analysis/trojan-msil-supernova-a-technical-analysis-of-the-windows-trojan-threat/ #CVE-2020-10148

New analysis reveals Trojan.MSIL.SUPERNOVA.A's dangerous capabilities: in-memory execution, C2 communication, and dynamic code compilation. Patch CVE-2020-10148 and monitor .NET assemblies. Details: https://redteamnews.com/blue-team/malware-analysis/trojan-msil-supernova-a-technical-analysis-of-the-windows-trojan-threat/

New analysis reveals Trojan.MSIL.SUPERNOVA.A's dangerous capabilities: in-memory execution, C2 communication, and dynamic code compilation. Targets Windows systems via drive-by downloads or as secondary payload. Patch CVE-2020-10148 and monitor .NET activity. #CyberSecurity https://redteamnews.com/blue-team/malware-analysis/trojan-msil-supernova-a-technical-analysis-of-the-windows-trojan-threat/
Overview
Description
Statistics
- 3 Posts
Fediverse

Critical command injection flaw (CVE-2025-2729) found in H3C Magic routers—allows remote code execution without auth. Patch ASAP if you use NX15/NX30 Pro/NX400/R3010/BE18000 models. Details: https://redteamnews.com/exploit/cve/critical-command-injection-vulnerability-in-h3c-magic-routers-cve-2025-2729-what-security-teams-need-to-know/

Critical alert: H3C Magic routers (NX15/NX30 Pro/NX400/R3010/BE18000) have a high-severity command injection flaw (CVE-2025-2729, CVSS 8.8). Unauthenticated attackers can execute arbitrary commands. Patch ASAP and restrict management access. Details: https://redteamnews.com/exploit/cve/critical-command-injection-vulnerability-in-h3c-magic-routers-cve-2025-2729-what-security-teams-need-to-know/ #CVE-2025-2729

Critical alert: H3C Magic routers (NX15/NX30 Pro/NX400/R3010/BE18000) have a high-severity command injection flaw (CVE-2025-2729, CVSS 8.8) allowing remote attacks. Patch ASAP or restrict access. Details: https://redteamnews.com/exploit/cve/critical-command-injection-vulnerability-in-h3c-magic-routers-cve-2025-2729-what-security-teams-need-to-know/ #CVE-2025-2729
Overview
Description
Statistics
- 3 Posts
Fediverse

New analysis reveals how Trojan.W97M.CVE202140444.A exploits #CVE-2021-40444 in Office docs for remote code execution. Patch now and watch for weaponized attachments. Details: https://redteamnews.com/exploit/cve/trojan-w97m-cve202140444-a-analyzing-the-microsoft-office-exploit-that-enables-remote-code-execution/

New analysis: #TrojanW97M exploits #CVE-2021-40444 in Office docs to run remote code, dropping #CobaltStrike beacons. Patch now and watch for suspicious CAB/DLL files. Details: https://redteamnews.com/exploit/cve/trojan-w97m-cve202140444-a-analyzing-the-microsoft-office-exploit-that-enables-remote-code-execution/

New analysis: Trojan.W97M exploits CVE-2021-40444 in Office docs to run remote code. Delivers Cobalt Strike beacons via obfuscated JS/CAB files. Patch now, enforce Protected View, and watch for suspicious docs. Details: https://redteamnews.com/exploit/cve/trojan-w97m-cve202140444-a-analyzing-the-microsoft-office-exploit-that-enables-remote-code-execution/ #CVE-2021-40444
Overview
Description
Statistics
- 3 Posts
Fediverse

New Mirai botnet variant exploits CVE-2020-10173 in Comtrend routers, combining vulnerability attacks with brute-forcing. Patch now and monitor for C2 traffic. #CVE-2020-10173 #Mirai https://redteamnews.com/threat-intelligence/new-mirai-botnet-variant-targets-comtrend-router-vulnerability-cve-2020-10173/

New Mirai botnet variant now exploits Comtrend router vulnerability (CVE-2020-10173) to gain root access. Patch your VR-3033 routers and monitor for C2 traffic. Combines old brute-force tactics with new vuln exploitation. #CVE-2020-10173 #Mirai https://redteamnews.com/threat-intelligence/new-mirai-botnet-variant-targets-comtrend-router-vulnerability-cve-2020-10173/

New Mirai botnet variant now exploits Comtrend router vulnerability (CVE-2020-10173) to gain root access. Combines brute-forcing with vulnerability attacks - patch now and monitor for C2 traffic. #CVE-2020-10173 #Mirai https://redteamnews.com/threat-intelligence/new-mirai-botnet-variant-targets-comtrend-router-vulnerability-cve-2020-10173/
Overview
Description
Statistics
- 1 Post
Fediverse

Critical UEFI Secure Boot bypass (CVE-2024-7344) lets attackers run unsigned bootkits via a signed Microsoft EFI binary. Patches are out—check if your systems revoked the vulnerable cert. Details: https://redteamnews.com/exploit/cve/cve-2024-7344-critical-uefi-secure-boot-bypass-vulnerability-exposed/ #CVE-2024-7344
Overview
- H3C
- Magic NX30 Pro
Description
Statistics
- 3 Posts
Fediverse

Critical command injection flaw (CVE-2025-2728) found in H3C Magic routers—NX30 Pro & NX400 affected. Attackers can run arbitrary commands remotely via API. Patch not yet available. Check your network! #CVE-2025-2728 https://redteamnews.com/exploit/cve/critical-command-injection-vulnerability-in-h3c-magic-routers-cve-2025-2728-puts-networks-at-risk/

Critical command injection flaw (CVE-2025-2728) found in H3C Magic routers—allows remote code execution via API. Patch not yet available. Check if your NX30 Pro/NX400 routers are vulnerable and restrict access immediately. #CVE-2025-2728 https://redteamnews.com/exploit/cve/critical-command-injection-vulnerability-in-h3c-magic-routers-cve-2025-2728-puts-networks-at-risk/

Critical command injection flaw (CVE-2025-2728) found in H3C Magic routers - allows remote attackers to take full control. NX30 Pro and NX400 models at risk. Patch not yet available. Check your network! #CVE-2025-2728 https://redteamnews.com/exploit/cve/critical-command-injection-vulnerability-in-h3c-magic-routers-cve-2025-2728-puts-networks-at-risk/
Overview
Description
Statistics
- 3 Posts
Fediverse

MITRE ATT&CK 2024 results are in: Ransomware & macOS threats dominate. Top vendors like SentinelOne aced detection, including ALPHV BlackCat & DPRK-linked macOS attacks (CVE-2022-26706). Key takeaways for defenders: https://redteamnews.com/threat-intelligence/mitre-attck-2024-results-ransomware-macos-threats-dominate-enterprise-security/

MITRE ATT&CK 2024 results are in: Ransomware (like ALPHV BlackCat) and macOS threats (CVE-2022-26706) dominated. Top vendors like SentinelOne aced detection. Key takeaways for defenders: lock down RDP, audit LaunchAgents, and prep for cloud threats. Full insights: https://redteamnews.com/threat-intelligence/mitre-attck-2024-results-ransomware-macos-threats-dominate-enterprise-security/

MITRE ATT&CK 2024 results are in: Ransomware (like ALPHV BlackCat) and macOS threats (CVE-2022-26706) dominated. Top vendors like SentinelOne aced detection. Key takeaways for defenders: restrict RDP, audit LaunchAgents, and prep for cloud threats. #CVE-2022-26706 https://redteamnews.com/threat-intelligence/mitre-attck-2024-results-ransomware-macos-threats-dominate-enterprise-security/
Overview
- Microsoft
- Azure Private 5G Core
Description
Statistics
- 3 Posts
Fediverse

Critical auth flaws in Microsoft Azure Private 5G Core (CVE-2024-20685) could disrupt networks. Patches are out - if you're running private 5G, update now and check your logs. Details: https://redteamnews.com/exploit/cve/critical-authentication-flaws-in-microsoft-azure-private-5g-core-expose-networks-to-disruption/

Critical auth flaws in Microsoft Azure Private 5G Core (CVE-2024-20685) could disrupt enterprise networks. Patches are out—update now and check your NGAP logs. More details: https://redteamnews.com/exploit/cve/critical-authentication-flaws-in-microsoft-azure-private-5g-core-expose-networks-to-disruption/

Critical flaws in Microsoft Azure Private 5G Core (CVE-2024-20685) could disrupt enterprise networks. Patches are out—update now and monitor authentication logs. Details: https://redteamnews.com/exploit/cve/critical-authentication-flaws-in-microsoft-azure-private-5g-core-expose-networks-to-disruption/