The top K8s ingress controller is officially dead, and base OSes are still handing out trivial root shells.

💀 End of the Road for Ingress-Nginx

Maintainers dropped the final ingress-nginx release to patch one last CVE before archiving the project. If you stay on this abandoned edge infrastructure, the next bug is a permanent zero-day.

Action: Apply the final patch, rip out the legacy controller, and migrate to the Gateway API.

💥 Shattering AppArmor Isolation

Qualys dropped "CrackArmor," exposing AppArmor flaws that completely break container sandboxing. Unprivileged attackers can bypass `userns`, trash profiles, and abuse kernel memory corruption to get root and escape to the host.

Action: Patch host kernels and AppArmor on Ubuntu/Debian worker nodes immediately. Exploit primitives are in the Qualys advisory.

🔓 Silent Drive-By Key Theft

The TinaCMS CLI dev server ships a lethal combo: wildcard CORS plus path traversal. A drive-by browser attack lets any malicious website silently yank `~/.aws/credentials` and SSH keys straight from your devs' local machines.

Action: Force upgrades to the patched release in GHSA-8pw3-9m7f-q734. Have endpoint agents flag browsers making unexpected background requests to local dev ports containing `../`.
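
One way to express that endpoint check, as an added example (not code from TinaCMS, the advisory, or any endpoint product). The event fields (`id`, `url`, `origin`, `referer`) and all sample hosts, ports and paths are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

def is_loopback(url):
    """True if the URL's host is localhost or a loopback IP (127.0.0.0/8, ::1)."""
    host = (urlsplit(url).hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def has_traversal(url, max_rounds=3):
    """True if the path or query holds a '..' segment, even percent-encoded."""
    parts = urlsplit(url)
    text = parts.path + "?" + parts.query
    for _ in range(max_rounds):  # peel nested encodings such as %252e%252e
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return ".." in re.split(r"[/\\?&=]", text)

def flag_events(events):
    """Return events where a non-local page reached a loopback port with '../'."""
    flagged = []
    for ev in events:
        initiator = ev.get("origin") or ev.get("referer")
        if not initiator or is_loopback(initiator):
            continue  # no web initiator, or the developer's own local app
        if is_loopback(ev["url"]) and has_traversal(ev["url"]):
            flagged.append(ev)
    return flagged

# Constructed sample events; hosts, ports and paths are illustrative only.
SAMPLE_EVENTS = [
    {"id": 1, "url": "http://localhost:3000/api/posts", "origin": "http://localhost:3000"},
    {"id": 2, "url": "http://localhost:3000/files/..%2f..%2f.aws/credentials", "origin": "https://untrusted.example"},
    {"id": 3, "url": "http://127.0.0.1:8080/files/%252e%252e/%252e%252e/.ssh/id_ed25519", "origin": "https://untrusted.example"},
    {"id": 4, "url": "http://localhost:3000/health", "origin": "https://untrusted.example"},
    {"id": 5, "url": "https://cdn.example/a/../b.js", "referer": "https://site.example/"},
    {"id": 6, "url": "http://localhost:3000/static/../index.html", "origin": "http://localhost:3000"},
]

if __name__ == "__main__":
    for ev in flag_events(SAMPLE_EVENTS):
        print("ALERT", ev["id"], ev.get("origin"), "->", ev["url"])
```

Events with no `Origin` or `Referer` are skipped here to keep developer tooling quiet; tighten that rule if your telemetry can attribute the request to a browser process.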