Hackaday

This Week In Security: IngressNightmare, NextJS, And Leaking DNA

This week, researchers from Wiz Research released a series of vulnerabilities in the Kubernetes Ingress NGINX Controller that, when chained together, allow an unauthorized attacker to completely take ...
CRN

‘IngressNightmare’ Vulnerabilities Are A Kubernetes Emergency: Wiz CTO

A series of ‘critical’ zero-day vulnerabilities can enable ‘full takeover’ of a Kubernetes cluster — and are ‘probably the most severe’ security issue to affect Kubernetes environments in recent years ...
Dark Reading

Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments

The maintainers of Kubernetes have released patches for four critical vulnerabilities in the Ingress NGINX Controller, affecting 6,500, or 41%, of all Internet-facing container orchestration clusters, ...
Infosecurity-magazine.com

IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems

Kubernetes customers using the popular Ingress NGINX Controller have been urged to patch four newly discovered remote code execution (RCE) flaws assigned a CVSS score of 9.8. Dubbed “IngressNightmare” ...
CSOonline

Critical RCE flaws put Kubernetes clusters at risk of takeover

The vulnerabilities dubbed IngressNightmare can allow unauthenticated users to inject malicious NGINX configurations and execute malicious code into the Ingress NGINX pod, potentially exposing all ...
CSOonline

Threat actors hijack web traffic after exploiting React2Shell vulnerability

Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes. That’s the ...