A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 and informally referred to as MongoBleed, allows unauthenticated remote attackers to leak uninitialized memory from a MongoDB server. A public proof-of-concept exploit is already available, significantly increasing the risk for exposed MongoDB deployments.
This blog explains how the vulnerability works, what is required to exploit it, and how to identify exposure and detect exploitation attempts at runtime.
CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by an attacker to steal secret credentials from a K8s cluster.
Three security issues were reported on October 27th by the Kubernetes security community, all of them related to the popular NGINX ingress component.
Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.
What's not to like? It's highly polished and comes with a very permissive license, which will be no issue since most companies prefer to pay for support and accountability.
Grafana Labs published a security advisory for a new critical vulnerability in its open-source product. The vulnerability, marked as CVE-2022-39328, enables attackers to bypass authorization on arbitrary service endpoints.
ARMO has open sourced yet another important component: the Kubescape operator. This operator can be installed in-cluster using Helm, and is responsible for continuous configuration and image vulnerability scanning, among other nifty capabilities you should check out. From today, users can access the code of all of the Kubescape components, review it, open issues, start discussions, and contribute to it.
Kubescape now fully supports the Open API framework through Swagger. This means Kubescape users can now leverage services through openly available APIs everywhere and anywhere. Users can call Kubescape functions using APIs – they can operate, view and consume wherever they are, whenever they need it without leaving their preferred tool, platform or environment. Some of the common functions available: create an account, run a Kubescape scan, get results, export results, and more. It is updated on a daily basis and you will always have the latest APIs available.
Kubescape is now an independent open source project (moved out of the ARMO organization), and has been officially donated to the community, to democratize contribution. Kubescape welcomes external maintainers to take a meaningful part in helping to lead and maintain this community-born and maintained project and will abide by the standards of open source governance processes and guidelines (e.g. community governance body, monthly community meetings, regular maintainers meetings, and whatever else the community would like to see).