惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
D
Darknet – Hacking Tools, Hacker News & Cyber Security
I
Intezer
月光博客
月光博客
Cyberwarzone
Cyberwarzone
雷峰网
雷峰网
Security Latest
Security Latest
量子位
博客园 - 聂微东
小众软件
小众软件
NISL@THU
NISL@THU
C
Cisco Blogs
The GitHub Blog
The GitHub Blog
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tor Project blog
Y
Y Combinator Blog
V
V2EX
博客园 - 三生石上(FineUI控件)
P
Privacy & Cybersecurity Law Blog
F
Full Disclosure
Cisco Talos Blog
Cisco Talos Blog
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
The Register - Security
The Register - Security
Google DeepMind News
Google DeepMind News
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
IT之家
IT之家
Webroot Blog
Webroot Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
aimingoo的专栏
aimingoo的专栏
腾讯CDC
S
Schneier on Security
L
LINUX DO - 最新话题
Latest news
Latest news
Simon Willison's Weblog
Simon Willison's Weblog
罗磊的独立博客
A
Arctic Wolf
MyScale Blog
MyScale Blog
云风的 BLOG
云风的 BLOG
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
Secure Thoughts
S
Securelist
Stack Overflow Blog
Stack Overflow Blog
T
Troy Hunt's Blog
Recorded Future
Recorded Future
I
InfoQ
The Cloudflare Blog
H
Heimdal Security Blog
Hugging Face - Blog
Hugging Face - Blog

Wiz Blog | RSS feed

Meet Wiz for M365: Bringing SaaS into the Security Graph How to Harden GitHub Actions: An Updated Guide Bringing Security Visibility to Vercel with Wiz Axios NPM Distribution Compromised in Supply Chain Attack Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild The Wiz Blue Agent, now Generally Available Beyond the Badge: What Achieving Microsoft’s Certified Software Designation Means for Your Cloud Security Introducing the Green Agent: AI-Powered Remediation for the Cloud Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack Introducing the Wiz Red Agent- AI-Powered Attacker Introducing Wiz AI Application Protection Platform (AI-APP) Introducing Wiz Agents & Workflows: Security at the Speed of AI AI Runtime Threat Detection: From Input to Real-World Impact Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack It’s Official: Wiz Joins Google Understanding and Reducing AI Risk in Modern Applications Introducing Wiz Tenant Manager: Multi-Tenant Management for Federated Organizations The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response Wiz Achieves CPSTIC Certification in Spain Seeing AI Clearly: Building Visibility Across Modern AI Applications The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design Wiz Leads the 2026 Latio Application Security Report with awards in 4 categories Building an Agentic Cloud Security Ecosystem: A Reference Architecture with Wiz MCP and Infosys Cyber Next The Agile FedRAMP Playbook, Part 2: Proactive Risk Management with Continuous Monitoring Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs Wiz Named a Leader in The Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 From Detection to Remediation: It’s Time to Rethink AppSec Around Exploitability and Root Cause Fixes The Agile FedRAMP Playbook, Part 1: Why Risk is Your Best Starting Point Introducing AI Cyber Model Arena: A Real-World Benchmark for AI Agents in Cybersecurity Wiz + Spotify Backstage: Security at the Developer’s Desk Building AI Security Together: New Ways to Partner with Wiz for AI Security in 2026 Hacking Moltbook: The AI Social Network Any Human Can Control The Year in Wiz Research: 2025 Most Read Blogs WizExtend is Here: AI and Cloud Security Insights in Your Daily Workflow From Detection to Remediation: Wiz in Your JetBrains IDE Agentic Browser Security: 2025 Year-End Review CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild A 90-Day Action Plan to Turn Resolutions into Results with Wiz Introducing the Wiz Partner Alliance: A New Chapter for Partner Success Preparing for Post-Quantum Cryptography Wiz Recognized as a 2025 Customers’ Choice in the Gartner® Peer Insights™ Voice of the Customer for CNAPP Expanding the Zero Critical Club to set a new standard for AppSec and SecOps teams Snipping the Long Tail of Shai-Hulud 2.0 Protecting Against Zero-Day Vulnerabilities with SOC-Level ASM Alert MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know The Kenna Transition: Your Strategic Shift to Exposure Management From MCP to Vibe Coding: Full Endpoint Visibility in Wiz AI Security Bringing Oracle Cloud Identity to Wiz Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra Gogs 0-Day Exploited in the Wild Code to Cloud Attacks: From Github PAT to Cloud Control Plane Top AWS re:Invent Announcements for Security Teams in 2025 React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182 React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability Wiz Product Announcements at re:Invent 2025: Expanding Visibility from Code to Cloud Introducing Wiz SAST: Where Code Risk Meets Cloud Context Wiz Becomes Fastest Security ISV to Reach $1 Billion in AWS Marketplace Lifetime Sales It's Here! Wiz Exposure Management is Now GA Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact Service Catalog is Here: Expand Risk Visibility for Your Service and Its Dependencies, Simplify Issue Ownership WizOS: Powering Secured Image Adoption with AI 3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs Mastering Software Governance with Hosted Technologies Inventory Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets Get Certified on Wiz Defend for Threat Detection and Response Blueprint for Security: A Guide to Code, Governance, and Response Frameworks Google Unified Security Recommended Program Names Wiz Among First 3 Strategic Partners Introducing Posture Issues: Transform Security Findings into Actionable Outcomes Empower and Accelerate Your SOC with the Blue Agent Exposure Report: 65% of Leading AI Companies Found with Verified Secret Leaks Wizdom 2025 Product Announcements: Extending the Cloud Operating Model When AI Becomes the Heart of Security: Powering a Future You Can Trust AI-Powered Wiz: From Agents to Everyday Intelligence Defend Agentless Workload Detection: Bringing Visibility to Blind Spots in Threat Detection Securing AI Agents with Wiz AI-SPM Introducing Wiz ASM: Context-Driven Attack Surface Management Securing Critical Infrastructure in the Cloud Era: A Policy and Technology Blueprint How CISOs Should Plan Security Budgets for 2026 Beyond the Checkbox: How Wiz Transforms SOC 2 into a Security Powerhouse Bringing Visibility to Kubernetes: Unified Inventory and Network Insight The Foundation Modern AppSec Is Still Missing: Code to Cloud, Rebuilt the Right Way Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces Introducing HoneyBee: How We Automate Honeypot Deployment for Threat Research RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, 10 CVSS score Defending against database ransomware attacks AI Security 101: Mapping the AI Attack Surface Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition Unifying Cloud Risk and Network Defense: Wiz and Check Point The emerging use of malware invoking AI Wiz achieves FedRAMP High authorization Wiz + HCP Terraform: Close the IaC-to-Cloud Infrastructure Security Gap IMDS Abused: Hunting Rare Behaviors to Uncover Exploits Beyond CVEs: The Exploitation of Everyday Misconfigurations Wiz Research Discovers One in Five Organizations Exposed to Systemic Risks in Vibe-Coded Applications - Here's How to Secure Them Introducing Wiz Incident Response: Your Expert Partner for Cloud Security Incidents Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware DORA Compliance in the Cloud Era: Insights from Deloitte and Wiz How Wiz Customers like Brex and FICO See AI Changing Security
Securing the Container Frontier: Kubernetes Trends Report 2025
Shay Berkovich · 2025-01-23 · via Wiz Blog | RSS feed

In the ever-evolving world of cloud-native technologies, Kubernetes continues to reign supreme - and with great power comes great responsibility. Our latest Kubernetes Security Report Refresh unveils a landscape of both peril and progress. 

Let's explore the key findings that are shaping the future of container security. 

The Lightning-Fast Threat Landscape 

Key Stat: AKS clusters face probing attempts a mere 18 minutes after deployment.

Picture this: Your freshly deployed public Kubernetes cluster, barely out of its digital infancy, already under siege. Our research reveals a startling reality where malicious actors operate at breakneck speeds, probing for weaknesses before the digital ink has even dried on your configuration files. This finding serves as a stark reminder: in the world of Kubernetes, security can never be an afterthought. 

The Rise of the Savvy SecOps 

Key Stats: 

  • As of October 2024, Kubernetes 1.29 now leads the pack, dethroning last year's 1.24 

  • End of Support versions down to 46% from 58% last year among the managed clusters 

Here's a reason to celebrate: Kubernetes operators are leveling up their game. We're witnessing a sea change in version management practices, with teams swiftly adopting the latest releases and bidding farewell to outdated versions. This proactive stance isn't just about chasing the newest features - it's a robust defense against lurking vulnerabilities. 

Workloads: Shedding Weight and Gaining Strength 

Key Stats: 

  • Severe vulnerabilities in exposed pods slashed by 50% 

  • Significant drop in high-privilege pod counts 

The data paints a picture of leaner, meaner workloads. Security teams are tightening the screws on vulnerability management, resulting in a dramatic reduction of critical flaws in exposed containers. Moreover, the principle of least privilege is gaining traction, with fewer pods wielding unnecessary powers. It's a testament to the growing sophistication of Kubernetes security practices. 

Read the full report

While these highlights offer a glimpse into the state of Kubernetes security, they're just the tip of the iceberg. To truly navigate the complexities of cloud-native security in 2025, you need the full picture. 

Check out some of our other Kubernetes content, including: 

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。