Cloud Native Security, Container Security & Serverless Security Mon, 30 Jun 2025 12:19:39 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://www.aquasec.com/blog/patch-ditch-dodge-deal-vulnerability-prioritization/ Mon, 30 Jun 2025 12:00:08 +0000 https://www.aquasec.com/?p=25872 Security teams are drowning in vulnerabilities. Cloud native environments can generate tens of thousands of new findings every month, even before factoring in CI/CD pipelines and third party dependencies. With this volume, the challenge is not just finding vulnerabilities, it is deciding what to do about them. Fix everything? Impossible. Ignore everything? Risky. The key …]]> https://www.aquasec.com/blog/alert-noise-fix-toxic-combinations-first/ Thu, 27 Mar 2025 13:00:39 +0000 https://www.aquasec.com/?p=24952 Not every security alert is a threat, but the right combination can bring down your cloud native and containerized applications. Security incidents rarely happen because of a single weak point. Instead, they stem from toxic combinations. A misconfigured workload might seem harmless on its own, but add exposed credentials and an unpatched vulnerability, and attackers …]]> https://www.aquasec.com/blog/ingress-nginx-vulnerabilities-what-you-need-to-know/ Wed, 26 Mar 2025 00:16:06 +0000 https://www.aquasec.com/?p=25002 On March 24, 2025, a set of critical vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974 — collectively referred to as IngressNightmare was disclosed in the ingress-nginx Controller for Kubernetes. These vulnerabilities could lead to a complete cluster takeover by granting attackers unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster. What is …]]> https://www.aquasec.com/blog/new-aqua-user-experience-streamline-vulnerability-management/ Thu, 14 Nov 2024 04:10:26 +0000 https://www.aquasec.com/?p=23532 The new Aqua Hub update is designed to take the headache out of vulnerability management, addressing common challenges like alert overload and data consistency issues. With this update, teams get a clean, streamlined view of vulnerabilities that cuts through the noise, so they can focus on the critical issues without getting lost in irrelevant details. …]]> https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/ Tue, 04 Jun 2024 16:39:29 +0000 https://www.aquasec.com/?p=20387 Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform. In this blog, we will explore how the attackers exploit the existing vulnerability …]]> https://www.aquasec.com/blog/ai-guided-remediation-unify-teams-and-speed-vulnerability-resolution/ Tue, 01 Aug 2023 08:55:26 +0000 https://www.aquasec.com/?p=14299 The urgent need for rapid remediation The window of vulnerability after the discovery of a security issue has never been more critical than it is with cloud native applications. Why is that? Cloud apps move fast. With modern CI/CD processes, code can be pushed to production multiple times per day. This means that security gaps …]]> https://www.aquasec.com/blog/find-new-openssl-vulnerabilities-with-trivy/ Tue, 01 Nov 2022 18:21:44 +0000 https://www.aquasec.com/?p=14568 Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the Open SSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see this blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance policies in Aqua’s software supply chain solution. Package installed via …]]> https://www.aquasec.com/blog/thoughtworks-cloud-security-vulnerability-scanning/ Fri, 24 Sep 2021 09:15:00 +0000 https://www.aquasec.com/?p=15143 Many companies, in an effort to modernize their software and cloud tech stacks, are beginning to confront the challenges of managing security across multiple cross-functional, yet independent, teams – each with diverse tech stacks. One such example is Thoughtworks, a leading global technology consultancy that works with enterprises to enable them to keep pace with …]]> https://www.aquasec.com/blog/vulnerability-management-lifecycle/ Thu, 13 May 2021 10:03:53 +0000 https://www.aquasec.com/?p=15262 When it comes to containerized workloads, resolving the underlying image’s security vulnerabilities is paramount to ensuring the safety of your environment. Getting security risk information into the hands of developers quickly and efficiently is key to keeping development cycles as short as possible while maintaining a strong application security posture. What risk information can you …]]> https://www.aquasec.com/blog/vulnerability-scanning-process/ Mon, 22 Mar 2021 11:56:12 +0000 https://www.aquasec.com/?p=15301 The National Vulnerability Database (NVD), while a valuable source of vulnerability information, is inadequate for today’s cloud native ecosystem and the teams tasked with protecting it. The complex array of platforms, technologies, and deployment methodologies at play in cloud native environments means that detecting and remediating vulnerabilities (e.g., CVEs) does not eliminate all potential attack …]]>