Kubernetes didn’t take the day off - and neither did the folks trying to poke holes in it. Today’s updates bring some serious security flaws, faster-than-ever attacks on new clusters, and a few bright spots where things are actually getting better. We also spotted useful tools and reports to help you stay ahead.
If you run clusters or care about keeping them safe, this is for you.
Critical Vulnerabilities in Kubernetes Ingress-NGINX Controller
Recent disclosures have identified multiple critical vulnerabilities in the Kubernetes Ingress-NGINX Controller, collectively termed “IngressNightmare.” These include:
- CVE-2025-1974
- CVE-2025-1097
- CVE-2025-1098
- CVE-2025-24514
These vulnerabilities allow unauthenticated attackers with access to the pod network to execute arbitrary code within the ingress-nginx controller, potentially leading to a full cluster takeover.
Kubernetes Security Report 2025 (Wiz Research)
Highlights from the report:
- Rapid Targeting: New clusters are targeted within minutes (e.g., AKS attacked within 18 minutes).
- Fewer Critical Vulns: 50% drop in exposed pods with severe vulnerabilities.
- IAM Gaps: 81% of EKS clusters use deprecated CONFIG_MAP authentication.
- Versioning: 54% of clusters now run supported Kubernetes versions (up from 42%).
Enhanced Detection for IngressNightmare
Security researchers have developed improved Nuclei detection templates for CVE-2025-1098 to catch vulnerable versions (like v1.12.0) previously missed.
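As an added example (not from the original digest, and not Kubernetes or Nuclei project code), a small inventory check in the spirit of the version-based detection described above and the IngressNightmare section: it reads pod-inventory lines of the shape `namespace pod image` and flags ingress-nginx controller tags that predate the fixes. The fixed versions (v1.12.1 and v1.11.5) are an assumption not stated on this page, and the inventory lines are constructed sample data.

```python
"""Flag ingress-nginx controller images whose tag predates the IngressNightmare fixes.

Assumption (not stated on the page): fixes shipped in ingress-nginx v1.12.1 and
v1.11.5, so older 1.12.x / 1.11.x tags, and every release line before 1.11, are
treated as affected. Input lines mimic `kubectl get pods -A` custom-column output.
"""
import re

# Assumed fixed versions, keyed by (major, minor) release line.
FIXED = {(1, 12): (1, 12, 1), (1, 11): (1, 11, 5)}

# Matches both the standard and the -chroot controller image, with or without a digest.
IMAGE_RE = re.compile(r"ingress-nginx/controller(?:-chroot)?:v?(\d+)\.(\d+)\.(\d+)")


def parse_version(image):
    """Return (major, minor, patch) for an ingress-nginx controller image, else None."""
    m = IMAGE_RE.search(image)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version):
    """True when the version is below the assumed fix for its release line."""
    major, minor, _patch = version
    fixed = FIXED.get((major, minor))
    if fixed is not None:
        return version < fixed
    return (major, minor) < (1, 11)  # release lines older than 1.11 received no fix


def audit(lines):
    """Parse 'namespace pod image' lines and report every ingress-nginx controller found."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip headers or malformed rows
        ns, pod, image = parts[0], parts[1], parts[2]
        version = parse_version(image)
        if version is None:
            continue  # not an ingress-nginx controller image
        findings.append({"namespace": ns, "pod": pod,
                         "version": "v%d.%d.%d" % version,
                         "affected": is_affected(version)})
    return findings


# Constructed sample inventory (namespace, pod name, container image).
SAMPLE = [
    "ingress-nginx ingress-nginx-controller-7d4c8 registry.k8s.io/ingress-nginx/controller:v1.12.0",
    "ingress-nginx ingress-nginx-controller-abc12 registry.k8s.io/ingress-nginx/controller-chroot:v1.11.5",
    "kube-system coredns-5d78c9869d-x2k4p registry.k8s.io/coredns/coredns:v1.11.1",
    "edge legacy-ingress-controller-1 registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:PLACEHOLDER",
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```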
Cloud-Native Security Best Practices
To secure Kubernetes and cloud-native stacks, focus on:
- IAM (RBAC)
- Network security
- App security
- Data protection
- Infrastructure as Code (IaC) scanning
- Cloud Workload Protection (CWP)
Open-Source Enhancements to Kubernetes Security
Tigera has released Calico Open Source 3.30, bringing enterprise-grade security and observability features to open-source users.