惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
小众软件
小众软件
J
Java Code Geeks
V
Visual Studio Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
美团技术团队
阮一峰的网络日志
阮一峰的网络日志
V
V2EX
博客园 - 叶小钗
N
Netflix TechBlog - Medium
月光博客
月光博客
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
Hacker News: Ask HN
Hacker News: Ask HN
Hacker News - Newest:
Hacker News - Newest: "LLM"
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
The Last Watchdog
The Last Watchdog
T
Threatpost
I
Intezer
T
Tenable Blog
L
LINUX DO - 热门话题
T
Tailwind CSS Blog
Scott Helme
Scott Helme
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
Engineering at Meta
Engineering at Meta
S
Schneier on Security
Recent Announcements
Recent Announcements
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Fortinet All Blogs
腾讯CDC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Troy Hunt's Blog
量子位
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
人人都是产品经理
人人都是产品经理
博客园 - 【当耐特】
博客园 - Franky
www.infosecurity-magazine.com
www.infosecurity-magazine.com

Sysdig Blog

Masterclass: AI is more than ChatGPT and LLMs CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace Kubernetes 1.36 - New security features 5 steps to securing AI workloads Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours Security briefing: March 2026 The Sysdig MCP server is now available in AWS Marketplace Risk isn’t reduced until you take action: How teams resolve issues in the cloud AI infrastructure security: Why it deserves its own category Three pillars for building effective runtime-powered cloud defense, the right way Closing the cloud security gap with runtime security Seeing risk isn’t stopping it: Why visibility alone isn’t enough TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions AI coding agents are running on your machines — Do you know what they're doing? Runtime security for AI coding agents: Protecting AI-assisted development How runtime insights power every cloud security use case CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours Inline Cloud Response: Accelerating AWS threat containment for SOC teams Runtime malware detection for AWS Fargate Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx configuration injection vulnerabilities for Kubernetes Malware detection with Sysdig Security briefing: February 2026 Leveling up Kubernetes Posture: From baselines to risk-aware admission Eliminating runtime blind spots: How CleanStart and Sysdig build continuous trust across the container lifecycle LLMjacking: From Emerging Threat to Black Market Reality Real risks live at runtime: Why CISOs must care about deep telemetry in 2026 Sysdig named a Leader in the Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 How to run rootless containers AI-assisted cloud intrusion achieves admin access in 8 minutes Security briefing: January 2026 Securing GPU-accelerated AI workloads in Oracle Kubernetes Engine Bringing OSS runtime security to AWS: Falco integration with AWS Security Hub CSPM Our customers have spoken: Sysdig rated a Strong Performer in Gartner® Voice of the Customer for Cloud-Native Application Protection Platforms Protecting sensitive business data in preparation for the organization's Gen AI VoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkits AI is still a workload: A practical guide to securing AI workloads How threat actors are using self-hosted GitHub Actions runners as backdoors How Sysdig Sage delivers AI-powered, real-world vulnerability management Security briefing: December 2025 Top 10 ways to get breached in 2026 EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2 Introducing runtime file integrity monitoring and response with Sysdig FIM How to detect multi-stage attacks with runtime behavioral analytics EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks Detecting React2Shell: The maximum-severity RCE vulnerability affecting React Server Components and Next.js The rise of AI agents: How autonomous AI Is transforming cloud security Kubernetes 1.35 - New security features The Urgency of Securing AI Workloads for CISOs Security briefing: November 2025 Quantum and the cloud: Science fiction turned security strategy Cloud security, the right way: What the industry should demand (and why "good enough" isn't) Return of the Shai-Hulud worm affects over 25,000 GitHub repositories Detecting CVE-2024-1086: The decade-old Linux kernel vulnerability that’s being actively exploited in ransomware campaigns What’s old is new again: How to demystify AI security with AIBOMs Securing Kubernetes with agentic cloud security How agentic cloud security reduces real risks Hunting reverse shells: How the Sysdig Threat Research Team builds smarter detection rules Shifting left with AI and MCP: Sysdig + Amazon Q Developer How Falco and Stratoshark close the gap between open source runtime detection and deep forensic analysis Investigating security issues with ChatGPT and the GitHub MCP server New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 Harden your LLM security with OWASP Security briefing: October 2025 How agentic AI is changing cloud security Kubernetes Incident Response: Detect, investigate, and contain in under 10 minutes Sysdig recognized as a Cloud Security Leader in Latio Tech Cloud Security Market Report AI echolocation of cloud risks using Sysdig & Snyk MCP servers Sysdig MCP Server: Bridging AI and cloud security insights Understanding CVE-2025-49844: “RediShell” Critical Remote Code Execution in Redis Sysdig Security Briefing: September 2025 Cloud security, the right way: The 3 pillars of real-time defense Open source spotlight: Bringing web application security to Falco with Falcoya's Nginx plugin Malicious NPM packages: Are you exposed? AI for SOC teams: 5 cloud security prompts to start your day with Sysdig Sage™ Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages ZynorRAT technical analysis: Reverse engineering a novel, Turkish Go-based RAT Modern vulnerability management, built for the cloud Build your AWS incident response playbook with open source tools 2025 Gartner® CNAPP Market Guide: Runtime visibility is no longer optional Threat hunting with Sysdig: Uncovering “IngressNightmare” Open source spotlight: From alerts to action with AI-powered Falco Vanguard From triage to action: How Sysdig’s agentic cloud security platform slashes noise and accelerates remediation The vision comes to life: Agentic cloud security with Sysdig Sage™ Data security findings: A technical deep dive Connecting runtime to source: Sysdig and Semgrep integration Fix what matters, faster: How Sysdig and Semgrep are unifying security without silos – from code to runtime Defending sensitive data with Sysdig Secure Redefining cloud security, the right way Join the movement: The Sysdig Open Source Community is live A smarter, safer cloud in the age of AI Unifying detection and response: Sysdig + Cortex XSOAR for security at cloud speed The future of security is open, and it needs a unified hub: The Sysdig Open Source Community is here CVE-2025-53104: Command injection via GitHub Actions workflow in gluestack-ui Why MCP server security is critical for AI-driven enterprises What’s new in Sysdig — June 2025 AI-powered CNAPP with Sysdig Sage™ Revolutionizing Cybersecurity Search with Sysdig Sage™ Sysdig Threat Bulletin: Iranian Cyber Threats The end of the prioritization-only era: Vulnerability management needs action Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories
How Sysdig secures your containers and Kubernetes
2025-10-07 · via Sysdig Blog

Containers and Kubernetes have transformed how modern applications are built and deployed. While containers offer clear benefits in terms of scalability, flexibility, and speed in the cloud, they also expand the attack surface that organizations need to defend. Unpatched vulnerabilities, risky configurations, and runtime threats create constant challenges for security teams.

Most security tools weren’t designed for cloud-native environments. They miss container-specific risks, overwhelm teams with alerts, or force organizations to stitch together multiple tools. Sysdig takes a different approach. By providing end-to-end visibility across the container lifecycle, Sysdig enables teams to prevent issues before they start, detect active threats with clarity, and respond in real time.

Vulnerability management

Sysdig’s vulnerability management for containers starts with broad coverage wherever your workloads run. Sysdig scans containers across Linux and Windows, with visibility that spans the full software development lifecycle from container registries and CI/CD pipelines to production environments.

When you open Sysdig’s Vulnerability Overview, you won’t be overwhelmed by thousands of CVEs. Instead, Sysdig highlights the vulnerabilities that matter most, focusing on those that are tied to packages running in production (in use), have a fix, and have a known exploit. This runtime-aware prioritization cuts through the noise, helping teams greatly reduce their scope and focus on the issues that require immediate action.

On the Vulnerability Findings page, vulnerabilities can be filtered further based on other risk criteria (e.g., exposure to the Internet). Vulnerability findings can also be grouped by CVE ID or container image. Clicking into a vulnerability provides additional context and the container it is impacting.

The CVE360 view gives complete context on all instances of this CVE throughout your environment so you can assess the scope and impact of the CVE at a glance. Relevant context like the total resources impacted, sources, and remediations helps you prioritize and understand if this is something that needs to be fixed.

Sysdig also helps trace problems back to their source. With Layered Analysis, you can break images down by layer and pinpoint exactly where an issue originated. By fixing the problem at the source, you eliminate it everywhere it appears, making remediation faster and more durable.

When it comes to remediation, Sysdig provides actionable guidance. For container images, our AI cloud security analyst, Sysdig Sage™, generates low effort remediations that will have the greatest impact on risk reduction. Sysdig Sage turns traditional vulnerability management workflows into agentic processes, generating step-by-step instructions to remediate vulnerabilities on the container image. From here, you can automatically create a ticket and pass it along to your engineering team to remediate, which includes all of the context they will need.

Together, these capabilities turn container vulnerabilities from a backlog of alerts into a focused, actionable workflow that reduces real risk.

Compliance and posture management

Preventing vulnerabilities is only part of the challenge. Security teams also need to ensure their environments meet industry and regulatory standards, while keeping configurations aligned with best practices. This often results in time-consuming audits, manual checks, and a constant risk of drift as environments evolve. Sysdig simplifies this by combining continuous compliance monitoring with Kubernetes security posture management (KSPM) and policy enforcement.

For many organizations, meeting compliance requirements is a critical security use case. Frameworks like PCI DSS, HIPAA, NIST 800-53, SOC 2, and CIS Benchmarks require continuous proof that your environments are secure. Sysdig makes this manageable with out-of-the-box policies mapped directly to these standards, giving you immediate visibility into where you stand.

Instead of scrambling during audits, teams can generate on-demand reports in just a few clicks, monitor how posture changes over time, and drill into failed controls with clear remediation guidance. This reduces manual effort while ensuring you can demonstrate compliance to regulators, customers, and stakeholders at any time.

Many attacks on containers exploit Kubernetes misconfigurations such as overly permissive roles, misconfigured clusters, or privileged containers. Sysdig’s KSPM helps teams stay ahead of these risks with out-of-the-box policies mapped to Kubernetes compliance standards and best practices. Sysdig continuously checks for these risky settings, highlights issues in context, and provides guidance on how to fix them, helping you align with best practices and strengthen defenses.

Sysdig doesn’t just flag compliance gaps or Kubernetes misconfigurations. We also make it easy to fix them. The remediation workflow explains the issue in plain language, then provides a patch generated specifically for the problem. You can apply the fix manually by copying the patch code into production, or automate the process by creating a pull request that integrates the patch directly into source code, complete with formatting checks. This flexibility helps teams remediate quickly while keeping development workflows intact.

Sysdig also helps enforce compliance and posture requirements before risky workloads reach production. With our Admission Controller, non-compliant or vulnerable deployments are blocked at deploy time, ensuring that issues don’t slip into runtime.

By combining compliance automation, posture management, and preventative enforcement, Sysdig enables teams to both prove security to auditors and improve security in practice, without slowing down development velocity.

Threat detection and response

Even with strong preventative measures in place, no environment is immune to runtime threats. Containers are dynamic and fast-moving, and attackers look to exploit misconfigurations, vulnerable packages, or exposed credentials. That’s why fast and reliable detection and response are critical. Sysdig helps teams move quickly by correlating signals into meaningful threats, giving deep visibility for investigation, and enabling rapid response actions.

Sysdig powers runtime threat detection with flexible policies built on the open source Falco rules engine. Falco continuously monitors system calls and Kubernetes audit logs and checks them against curated rules to identify suspicious activity in real time. With Sysdig, you get out-of-the-box detection rules and policies tailored for containers and Kubernetes, so you can spot threats quickly.

Sysdig’s Threat Management feature reduces noise by correlating runtime activity into prioritized incidents. Instead of hundreds of raw alerts, detection events are analyzed in real time and grouped into a clear attack or threat category.

Each finding gives the full context, including what happened, which user carried out the actions, and where they occurred. Sysdig Sage enriches threats with an easy to understand summary, helping you understand potential impact and next steps immediately.

Events can also be viewed individually in the Events Feed. When suspicious behavior is detected, you can seamlessly drill into all events on the relevant container workload.

You can talk to Sysdig Sage to ask questions and get more understanding of the threat.

Sysdig also offers forensic analysis capabilities to investigate even after a container is gone. Activity Audit shows executed commands, file access, and network connections, while Captures let you take a system snapshot at the moment of an event for forensic analysis. Together, these capabilities let you trace an incident from the first signal all the way down to the specific system call, cutting investigation time dramatically.

Once you’ve confirmed a threat, Sysdig makes it simple to contain and remediate. With Response Actions, you can kill or pause a container, isolate a workload from the network, or quarantine a suspicious file directly from the Events Feed. For more hands-on response, Rapid Response provides a secure remote shell so authorized users can investigate and remediate with the same commands they’re accustomed to. This flexibility allows teams to adapt response to the severity of the incident,  from automated containment to deeper manual investigation.

By bringing detection, investigation, and response together, Sysdig compresses the time from first signal to containment from hours or days down to minutes — giving security teams the confidence to stop active threats before they spread.

Cloud-native demands a unique approach

Container security requires a platform built specifically for cloud-native environments. Sysdig unifies prevention, compliance, detection, and response in a single solution, giving teams the visibility and speed they need to protect modern applications. With AI-powered vulnerability management, continuous posture management, and real-time threat detection and response, Sysdig helps organizations reduce risk and stop attacks without slowing down innovation.

Want to see these capabilities in action? Request a personalized demo today to explore how our solutions align with your specific needs.