IngressNightmare: Critical Vulnerabilities Impacting Thousands of Kubernetes Clusters

2025-03-25

Wiz Research discovered a series of unauthenticated Remote Code Execution vulnerabilities (dubbed #IngressNightmare) in the Ingress NGINX Controller for Kubernetes. Exploitation grants unauthorized access to all secrets across all namespaces, potentially leading to cluster takeover. Approximately 43% of cloud environments are vulnerable, and over 6,500 clusters, including those of Fortune 500 companies, publicly expose the vulnerable component. Immediate patching is crucial. Mitigations include updating to the latest Ingress NGINX Controller version or disabling the admission controller component.

Development

DeepSeek's Exposed Database Leaks Sensitive Chat Logs and API Keys

2025-01-29

Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, a Chinese AI startup, exposing over a million log entries containing sensitive information. The exposed database, accessible without authentication, allowed full control and contained chat history, API keys, backend details, and other critical data. Wiz responsibly disclosed the vulnerability to DeepSeek, which quickly remediated the issue. This incident highlights the critical security risks associated with the rapid adoption of AI technologies and the need for robust security practices even for burgeoning startups.
