Brought to you by Nigel Douglas, Head of Developer Relations at Cloudsmith.
October delivered a stark reminder that vigilance is never optional. It was a brutal month for security, marked by a barrage of high-severity flaws. We saw everything from the 9.9-rated ASP.NET Core authentication bypass (CVE-2025-55315) to "TARmageddon" (CVE-2025-62518) in the Rust ecosystem, which frustratingly replayed a critical path traversal flaw from 2022.
These vulnerabilities, combined with yet another high-profile malware campaign, "PhantomRaven" on npm, re-emphasise the relentless pressure on the software supply chain. In response, we're seeing vital community efforts to build resilience, from new white papers on securing Python package archives to a maturing conversation around vulnerability triage and the practical, enterprise-wide use of SBOMs.
While we fight these defensive battles, the platforms we build on are rapidly evolving. The Kubernetes ecosystem celebrated Helm's 10th anniversary while simultaneously pushing new enhancements in v1.35 (like KEP-4742) to support large-scale AI workloads and re-evaluating core security concepts like workload isolation. This push for AI is a key theme, with new tools like PyTorch's "Monarch" emerging to tame cluster programming and new, compact models from IBM making edge AI more accessible. This new frontier, however, brings its own risks, most notably the critical need for artifact management to secure code and dependencies suggested by GenAI.
Let’s jump in.
VULN ROUND UP
Common Vulnerabilities & Exposures
Flaw in ASP.NET Core allows HTTP request smuggling NVD: CVE-2025-55315
Dubbed the “worst .NET vulnerability ever”, this 9.9-rated vulnerability is a security feature bypass that impacts how applications handle authentication and authorisation. An attacker could craft a nested request, potentially leading to privilege escalation or request manipulation. The smuggled request could cause your application code to log in as a different user (EoP), force an internal SSRF, bypass CSRF checks, or perform an injection. Promptly applying the patch is critical to ensure these protections remain strong.
A newly discovered vulnerability has been found in the popular Rust ‘async-tar’ crate. This flaw is a stark reminder of the hidden dangers that can lurk in software supply chains. The issue is a path traversal vulnerability in the crate's extraction logic. It allows attackers to overwrite arbitrary files on a user's system during archive extraction. This vulnerability is a near-identical replay of the 2022 "TarGhost" flaw found in the standard Rust ‘tar’ crate, highlighting how critical lessons can be forgotten or overlooked in different implementations.
Secret leak in HAProxy Kubernetes Ingress Controller
The latest versions of the HAProxy Kubernetes Ingress Controller have a vulnerability that could enable privilege escalation attacks. Users with permissions to create or update ingress objects can exploit a flaw in the config-snippets feature, allowing them to gain access to Kubernetes API secrets.
Microsoft WSUS Remote Code Execution via Deserialisation Bug
A significant security vulnerability has been found in the Unity game engine, affecting most games made since 2017 across PC and mobile platforms. The flaw allows attackers to use debug startup commands to trick a game into loading malicious code, effectively bypassing system defences by granting the malware the same high-level privileges as the game itself. This vulnerability can be exploited by a low-privilege app or remotely via a malicious web link. While no active attacks have been seen, the ease of exploitation has led Valve to block unsafe launches on Steam and Microsoft to recommend uninstalling vulnerable games until developers recompile and release essential patches for users to install.
IN THE NEWS
CI/CD Security
The 3Rs of Critical Infrastructure: Responsibility, Resilience, and Reality
On Monday, October 20th, 2025, a large part of the internet blipped in and out of existence. One of AWS’s busiest regions, us-east-1, went dark. A single DNS bug inside DynamoDB snowballed into hours of failures worldwide. In his latest blog post, Cloudsmith CTO Lee Skillen explores the recent outage through the lens of the “3Rs of Critical Infrastructure: Responsibility, Resilience, and Reality.”
PhantomRaven Malware Found in 126 npm Packages Source: TheHackerNews
The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first packages were uploaded to the repository. It has since ballooned to a total of 126 npm libraries, attracting more than 86,000 installs.
Improving Security and Integrity of Python Package Archives
The white paper details potential future work to shore up the security of ZIP and tar implementations that are in widespread use, such as the zipfile and tarfile modules in the Python standard library. The white paper also makes recommendations for packaging ecosystems regarding reproducible builds of archives.
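As an added example (not code from the async-tar or tar crates, nor from the white paper), the Python below builds a constructed in-memory archive containing the kinds of entries a traversal bug lets through, shows the containment check a hardened extractor must apply, and compares it with the standard library's own tarfile 'data' filter; the destination directory /tmp/extract is an assumption.

```python
import io
import os
import tarfile

def build_suspicious_tar() -> bytes:
    """Constructed sample: one benign entry plus three that escape the target dir."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name, data=b"x"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        add("pkg/README")                     # benign
        add("../../.ssh/authorized_keys")     # relative traversal
        add("/etc/cron.d/job")                # absolute path
        link = tarfile.TarInfo("pkg/escape")  # symlink pointing outside dest
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tf.addfile(link)
    return buf.getvalue()

def _escapes(dest: str, path: str) -> bool:
    """True when the normalised path is not contained in dest."""
    return os.path.commonpath([dest, os.path.realpath(path)]) != dest

def unsafe_members(data: bytes, dest: str = "/tmp/extract") -> list:
    """Names whose path or symlink target lands outside dest: the check the vulnerable extractors skipped."""
    dest = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        for m in tf.getmembers():
            target = os.path.join(dest, m.name)  # an absolute m.name discards dest
            if _escapes(dest, target) or (m.issym() and _escapes(
                    dest, os.path.join(os.path.dirname(target), m.linkname))):
                bad.append(m.name)
    return bad

def rejected_by_data_filter(data: bytes, dest: str = "/tmp/extract"):
    """Names the stdlib 'data' filter refuses (3.12+, backported to 3.8-3.11 security releases).
    It strips a leading '/' rather than rejecting, so the absolute entry is relocated under dest."""
    if not hasattr(tarfile, "data_filter"):
        return None  # older interpreter without the filter
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        for m in tf.getmembers():
            try:
                tarfile.data_filter(m, dest)
            except tarfile.FilterError:
                bad.append(m.name)
    return bad
```

Pass filter="data" to extractall() on a supported interpreter; on older ones, run a check like unsafe_members() before extracting and reject the whole archive if it returns anything.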
Using Vulnerability Scoring Systems to Prioritise Risks Source: Cloudsmith
This triage model reflects the realities of limited time, team resources, and the explosion of third-party software risk. Users are advised to focus primarily on CVEs associated with in-use packages that have a known fix available. If there’s no fix available, we cannot take proactive steps to patch the known vulnerable packages.
Understanding the Proposed CISA 2025 SBOM Minimum Elements Source: Kusari.dev
Over time, richer SBOM practices, such as cross-project dependency analysis and historical tracking, can become powerful enablers of enterprise-scale operations. The key takeaway is that SBOMs aren’t just about meeting a compliance requirement. They are useful in understanding software composition, managing dependencies, and ultimately delivering software with greater confidence, speed, and control.
Kubernetes
7 Common Kubernetes Pitfalls (and How I Learned to Avoid Them) Source: Kubernetes.io
Kubernetes is amazing, but it’s not psychic. It won’t magically do the right thing if you don’t tell it what you need. By keeping these pitfalls in mind, you’ll avoid a lot of headaches and wasted time. Mistakes happen, but each one is a chance to learn more about how Kubernetes truly works under the hood.
This KEP introduces a built-in Kubernetes admission plugin that automatically copies node topology labels (like zone, region, or rack) onto Pods. It allows Pods to access this topology data through the Downward API without using privileged init containers or custom scripts. The change simplifies topology-aware workloads such as distributed AI/ML training, CNI optimizations, and sharded databases, making topology awareness a secure and native part of Kubernetes. This KEP is tracked for beta in v1.35.
Beyond Namespaces: Why Kubernetes Needs Real Workload Isolation Source: TheNewStack
It’s worth remembering that virtualisation solved this problem decades ago. VMs enforced hard boundaries by giving each workload its own kernel. One VM couldn’t trivially interfere with another. Containers traded this away for speed, density and agility. Lewis Denham-Parry argues that while those trade-offs were considered rational at the time, the industry must move beyond the illusion of isolation and embrace runtime environments that enforce it for real.
CNL: Prioritising Unpatched CVEs in the Kubernetes Ecosystem Source: YouTube
Drowning in Kubernetes CVE alerts? This demo-driven session shows how to cut through noise and focus on real threats. Learn to correlate vulnerabilities with EPSS, ExploitDB, and CISA KEV data to prioritise risks effectively. Through live demos of critical CVEs, gain practical strategies and a clear framework for mitigating what truly endangers your clusters.
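As an added example (not from the Cloudsmith post or the CNL session), the Python below encodes the triage rule from the vulnerability-scoring item above, in-use packages with a known fix first, and layers on the EPSS and CISA KEV correlation this session describes, over constructed findings; the field names, tier labels and the 0.1 EPSS threshold are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Finding:
    """One scanner result. Field names are assumptions, not a real scanner's schema."""
    cve: str
    package: str
    in_use: bool                   # package actually loaded by the workload
    fixed_version: Optional[str]   # None while upstream has no fix
    cvss: float
    epss: float = 0.0              # EPSS probability of exploitation within 30 days
    in_kev: bool = False           # present in the CISA KEV catalogue


def tier(f: Finding) -> str:
    """Apply the triage model: in-use and fixable first, then raise urgency
    with exploitation evidence. The 0.1 EPSS cut-off is an assumed threshold."""
    if not f.in_use:
        return "P4-track"          # not reachable: record it, spend no patch time
    if f.fixed_version is None:
        return "P3-mitigate"       # nothing to patch yet: compensating controls
    if f.in_kev or f.epss >= 0.1:
        return "P1-patch-now"
    return "P2-patch-next-cycle"


def prioritise(findings: List[Finding]) -> List[Tuple[str, str]]:
    """(cve, tier) pairs ordered by tier, then EPSS, with CVSS only as a tie-breaker."""
    ranked = sorted(findings, key=lambda f: (tier(f), -f.epss, -f.cvss))
    return [(f.cve, tier(f)) for f in ranked]


SAMPLE = [  # constructed findings; CVE ids are placeholders, not real entries
    Finding("CVE-0000-0001", "libfoo", True, "1.2.4", 9.8, epss=0.02),
    Finding("CVE-0000-0002", "libbar", True, None, 9.1, epss=0.60, in_kev=True),
    Finding("CVE-0000-0003", "libbaz", False, "3.0.1", 7.5, epss=0.90, in_kev=True),
    Finding("CVE-0000-0004", "libqux", True, "0.9.2", 6.5, epss=0.35),
]

if __name__ == "__main__":
    for cve, t in prioritise(SAMPLE):
        print(t, cve)
```

Note that the 9.8 CVSS finding lands in P2 while a 6.5 with real exploitation signal is P1, and a KEV entry with no fix is a mitigation task rather than a patch task.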
Helm's origins trace back to 2015 as a Deis project called "Helm Classic," which was unveiled at the inaugural KubeCon. In January 2016, this tool was merged with Google's Kubernetes Deployment Manager, and the combined initiative was moved under the stewardship of Kubernetes. The project's journey continued as it was elevated to a full CNCF project in June 2018, moving beyond its subproject status. Finally, Helm achieved graduated status within the CNCF in April 2020.
AI, LLMs & MCP
GenAI Code is Changing the Demands Being Put on Artifact Management Source: Cloudsmith
An AI model doesn't ‘know’ if a dependency is credible, accurate, or safe. It's not testing that package in a sandbox. It's making a statistically probable recommendation based on the data it was trained on. Learn how artifact management platforms like Cloudsmith help developers stay secure when generating code and dependencies from general purpose LLMs.
CoreWeave Acquires Marimo to Unify the Generative AI Developer Workflow Source: CoreWeave
Marimo is the company behind the Marimo Notebook, an open-source development environment for Python that redefines how developers create, share, and deploy their ML projects. This acquisition will merge Marimo's technology into the CoreWeave Cloud, creating a unified platform for developers that covers the full AI lifecycle. This includes training, inference, data movement, and ongoing iteration.
PyTorch Team Unveils Framework for Programming Clusters Source: InfoWorld
Meta's PyTorch team has released Monarch, a framework designed to simplify distributed programming across large GPU clusters. It combines a Python front end for easy integration with a high-performance Rust back end. Monarch's key feature is separating control commands from data transfers, enabling direct GPU-to-GPU communication and making complex, distributed operations appear simple and local to the developer.
IBM Releases Its Smallest AI Models Yet (Available via Hugging Face) Source: It's FOSS News
IBM has launched Granite 4.0 Nano, its smallest AI model yet, reinforcing its enterprise strategy focused on transparent, open-source, and responsible AI. Released ahead of schedule under an Apache 2.0 license for commercial use, these compact models are specifically designed for low-latency applications on edge devices where cloud models are impractical. Though small, they were trained using the same pipelines as the larger Granite 4.0 models and carry the same ISO 42001 certification for responsible AI governance.
Proximity: Open-source MCP Security Scanner Source: Help Net Security
A new open-source scanner, Proximity, inspects MCP servers to discover their available prompts, tools, and resources. The tool's purpose is to analyse these components and assess any potential security risks they introduce. It also integrates with NOVA, a rule engine, to actively detect specific threats, including jailbreak attempts and prompt injection. This free tool is accessible on GitHub.
Attackers are exploiting known mistakes in GenAI code outputs to slip malicious packages into software ecosystems. Learn how typosquatting and slopsquatting attacks work, why AI is accelerating this type of attack, and the practical steps you can apply today to detect, prevent, and secure your software supply chain.
Join Cloudsmith in Atlanta at KubeCon + CloudNativeCon NA 2025, Booth 530! Catch lightning talks, hands-on demos, and earn prizes while learning how to secure every artifact in your supply chain. Visit the event page to request a discount pass or book a 1:1 meeting with our team.
Date/Time: Monday, November 10 (2:00 PM - 6:00 PM EST) - Hilton Garden Inn, Atlanta, Georgia, USA
Supply chain attacks are coming for your pipeline. Can you stop them? In this Capture the Flag challenge, you’ll battle real-world threats using Trivy and OPA. Scan images and packages for hidden vulnerabilities, generate SBOMs to trace risky dependencies, and write Rego policies to lock down your supply chain. Each level raises the stakes, from prioritising exploits with EPSS to quarantining artifacts before they spread. Complete every challenge before the event ends, and you’ll claim not just bragging rights, but a shot at prizes too.
Date/Time: Wednesday, November 13 (7:00 PM - 11:00 PM EST) - Wild Leap Atlanta, Atlanta, Georgia, USA
After two days of learning at KubeCon + CloudNativeCon, unwind with smoky BBQ, local brews, and live blues. Join us at one of Atlanta’s hottest breweries for an evening of great food, music, and conversation with DevOps, DevSecOps, Cloud, and Open Source pros from around the world.
Presented by Cloudsmith, Chainguard, Mend.io, Sysdig, and Tailscale.
If you missed our recent webinar, you can still watch on demand to see how Cloudsmith & Kusari enable proactive security to prevent tampering, improve visibility, and speed deployments, ultimately reducing rework and strengthening your software supply chain.
Signed, sealed, and delivered - see you next issue.