News

Hosted on MSN22d
Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw
Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and ...
CSOonline22d
Critical RCE flaws put Kubernetes clusters at risk of takeover
They were fixed in versions 1.12.1 and 1.11.5 of Ingress NGINX Controller (Ingress-NGINX) released on Monday. A fifth flaw, tracked as CVE-2025-24513, was also identified and patched in these ...
Security Boulevard14d
An Improved Detection Signature for the Kubernetes IngressNightmare Vulnerability
Wiz recently published a detailed analysis of a critical vulnerability in the NGINX Ingress admission controller—what they’ve dubbed IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, ...
CRN4y
Firm Sues F5 Networks, Claims Rights To NGINX Tech Developed By Russian Internet Portal’s Employees
Igor Sysoev worked on the open source NGINX webserver for a decade while an employee at Russian tech company Rambler. In 2011, Sysoev and his partners left Moscow for San Francisco, got funding ...
it-daily.net12d
Evilginx: The nginx mutation that defeats MFA protection
Security researchers from Sophos X-Ops have investigated how Evilginx works and the potential threats it poses.