Category: Other
Mainframes Are the New AI Infrastructure. Protect it with Secure AI
If your AI workloads run in containers, then securing those containers is the first and most important step in protecting your AI. And as enterprises begin to deploy containerized AI workloads on Red Hat OpenShift for mainframe environments, that priority becomes even more urgent.
If your AI workloads run in containers, then securing those containers is the first and most important step in protecting your AI. And as enterprises begin to deploy containerized AI workloads on Red Hat OpenShift for mainframe environments, that priority becomes even more urgent.Read More
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
What if the biggest risk to your cloud environment wasn’t a misconfiguration you made, but one baked into the defaults?
Our research uncovered security concerns in the deployment of resources within a few AWS services, specifically in the default AWS service roles. These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3 access. These default roles silently introduce attack paths that allow privilege escalation, cross-service access, and even potential account compromise.
What if the biggest risk to your cloud environment wasn’t a misconfiguration you made, but one baked into the defaults?
Our research uncovered security concerns in the deployment of resources within a few AWS services, specifically in the default AWS service roles. These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3 access. These default roles silently introduce attack paths that allow privilege escalation, cross-service access, and even potential account compromise.Read More
What’s Really Happening in Your Containers? Aqua’s Risk Assessment Has the Answer
Containers may be mainstream, but securing them in production remains a moving target. As AI adoption scales and environments grow more complex, so too do the risks, especially at runtime, where traditional tools struggle to provide meaningful visibility. These are not legacy exploits like port scans or brute force attempts. Attackers are targeting what happens inside your environment, at runtime, where misconfigurations, unexpected behaviors, and subtle anomalies can quietly introduce business risk.
Containers may be mainstream, but securing them in production remains a moving target. As AI adoption scales and environments grow more complex, so too do the risks, especially at runtime, where traditional tools struggle to provide meaningful visibility. These are not legacy exploits like port scans or brute force attempts. Attackers are targeting what happens inside your environment, at runtime, where misconfigurations, unexpected behaviors, and subtle anomalies can quietly introduce business risk.Read More
Aqua Security Achieves FedRAMP® High Authorization
Aqua Security’s Cloud Native Application Protection Platform (CNAPP) has achieved FedRAMP® High Impact Authorization, making Aqua one of the few CNAPP providers authorized at the highest level of federal cloud security compliance. This milestone opens the door for U.S. federal agencies, commercial organizations that require FedRAMP High, and cloud service providers operating in FedRAMP-authorized environments to confidently use Aqua’s platform for securing their cloud native applications.
Aqua Security’s Cloud Native Application Protection Platform (CNAPP) has achieved FedRAMP® High Impact Authorization, making Aqua one of the few CNAPP providers authorized at the highest level of federal cloud security compliance. This milestone opens the door for U.S. federal agencies, commercial organizations that require FedRAMP High, and cloud service providers operating in FedRAMP-authorized environments to confidently use Aqua’s platform for securing their cloud native applications.Read More
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
News headlines reported that it took just 30 hours for attackers to exploit a newly discovered vulnerability in Apache Tomcat servers. But what does this mean for workloads relying on Tomcat? Aqua Nautilus researchers discovered a new attack campaign targeting Apache Tomcat. In this blog, we shed light on newly discovered malware that targets Tomcat servers to hijack resources.
News headlines reported that it took just 30 hours for attackers to exploit a newly discovered vulnerability in Apache Tomcat servers. But what does this mean for workloads relying on Tomcat? Aqua Nautilus researchers discovered a new attack campaign targeting Apache Tomcat. In this blog, we shed light on newly discovered malware that targets Tomcat servers to hijack resources.Read More
Cut Through Alert Noise and Fix Toxic Combinations First
Not every security alert is a threat, but the right combination can bring down your cloud native and containerized applications.
Security incidents rarely happen because of a single weak point. Instead, they stem from toxic combinations. A misconfigured workload might seem harmless on its own, but add exposed credentials and an unpatched vulnerability, and attackers have a direct path to exploitation.
Not every security alert is a threat, but the right combination can bring down your cloud native and containerized applications.
Security incidents rarely happen because of a single weak point. Instead, they stem from toxic combinations. A misconfigured workload might seem harmless on its own, but add exposed credentials and an unpatched vulnerability, and attackers have a direct path to exploitation.Read More
IngressNightmare Vulnerabilities: All You Need to Know
On March 24, 2025, a series of several critical vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) were disclosed in the ingress-nginx Controller for Kubernetes, collectively termed IngressNightmare. These vulnerabilities could lead to a complete cluster takeover by allowing attackers unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster.
On March 24, 2025, a series of several critical vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) were disclosed in the ingress-nginx Controller for Kubernetes, collectively termed IngressNightmare. These vulnerabilities could lead to a complete cluster takeover by allowing attackers unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster.Read More
How the Google-Wiz acquisition redefines cloud security
Google’s acquisition of Wiz, announced last week, is a pivotal moment as it marks a strategic shift in how cyber security will evolve over the next few years. It instantly turns Google into a major player in security, adding Wiz to other building blocks Google has racked up in the past couple of years, most notably Mandiant and Google Chronicle.
Google’s acquisition of Wiz, announced last week, is a pivotal moment as it marks a strategic shift in how cyber security will evolve over the next few years. It instantly turns Google into a major player in security, adding Wiz to other building blocks Google has racked up in the past couple of years, most notably Mandiant and Google Chronicle.Read More
Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised
On March 14th, 2025, security researchers discovered a critical software supply chain vulnerability in the widely-used GitHub Action tj-actions/changed-files (CVE-2025-30066). This vulnerability allows remote attackers to expose CI/CD secrets via the action’s build logs. The issue affects users who rely on the tj-actions/changed-files action in GitHub workflows to track changed files within a pull request.
Due to the compromised action, sensitive CI/CD secrets are being inadvertently logged in the GitHub Actions build logs. If these logs are publicly accessible, such as in public repositories, unauthorized users could access and retrieve the clear text secrets. However, there is no evidence suggesting that the exposed secrets were transmitted to any external network.
On March 14th, 2025, security researchers discovered a critical software supply chain vulnerability in the widely-used GitHub Action tj-actions/changed-files (CVE-2025-30066). This vulnerability allows remote attackers to expose CI/CD secrets via the action’s build logs. The issue affects users who rely on the tj-actions/changed-files action in GitHub workflows to track changed files within a pull request.
Due to the compromised action, sensitive CI/CD secrets are being inadvertently logged in the GitHub Actions build logs. If these logs are publicly accessible, such as in public repositories, unauthorized users could access and retrieve the clear text secrets. However, there is no evidence suggesting that the exposed secrets were transmitted to any external network.Read More
