Brought to you by Nigel Douglas, Head of Developer Relations at Cloudsmith.
November delivered a relentless wave of high-impact security news, from a CVSS 10.0 Grafana flaw that enables impersonation and a Critical Kubernetes RCE vulnerability, to the escalated Shai-Hulud supply chain attack on the npm ecosystem and the first reported AI-orchestrated cyber espionage campaign. Meanwhile, the ecosystem pivots, with Ingress NGINX retirement announced, Kubernetes 1.35 on the horizon, and new open-source tools like Malcontent and DeepTeam arriving to help developers secure their stacks against these evolving threats.
A security issue was discovered in Kubernetes (CVSS 9.8 / +90% EPSS) where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note: In the default installation, the controller can access all Secrets cluster-wide.
Unsafe Deserialisation vulnerability in Modular Max Serve
The vulnerability could allow attackers to execute arbitrary code on affected systems, potentially leading to complete system compromise. As Modular Max Server is used in AI infrastructure processing sensitive data across GPU clusters, successful exploitation could enable attackers to execute malicious code, escalate privileges to other internal systems, exfiltrate model data or secrets, and potentially install GPU-based cryptominers.
Decade-old Linux kernel flaw that’s actively exploited in ransomware campaigns
A privilege escalation vulnerability in the Linux kernel's netfilter component is being actively exploited in ransomware campaigns. This use-after-free vulnerability, present in the Linux kernel for over 10 years, provides attackers with a path to gaining root privileges on compromised systems. It was first discovered in January 2024, and the Linux kernel maintainers published a patch the following month. On systems that have not applied it, however, the privileged access the vulnerability provides still lets attackers launch ransomware operations.
In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow for overriding internal user IDs and lead to impersonation or privilege escalation. The analytics and observability platform said the vulnerability was discovered internally on November 4, 2025, during an audit and testing. Given the severity of the issue, users are advised to apply the patches as soon as possible to mitigate potential risks.
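The weakness described above is a SCIM client supplying an externalId that is a bare integer, which could then collide with an internal numeric user ID. As an added example (not Grafana's code and not the vendor's patch), the following validator shows the kind of interim check a provisioning endpoint or a reverse proxy in front of it could apply while patches roll out: it rejects any externalId that is not a string or that is purely numeric. The SCIM payloads, user names and the UUID value are constructed for illustration.

```python
"""Added example: reject SCIM User payloads whose externalId is purely numeric.
Not Grafana's code; the check is an assumed interim mitigation for the issue
described above, not the vendor's fix."""
import json
import re
from typing import List, Optional, Tuple

# Constructed sample SCIM User payloads (placeholder users, not from any real IdP).
SAMPLE_PAYLOADS = [
    '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],'
    '"userName":"alice@example.com",'
    '"externalId":"5c2f1a8e-9f3b-4d7e-8a1c-0b2d3e4f5a6b"}',
    '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],'
    '"userName":"mallory@example.com","externalId":"1"}',
    '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],'
    '"userName":"bob@example.com"}',
]

# A bare integer, optionally signed, with surrounding whitespace tolerated.
NUMERIC_ID = re.compile(r"^\s*[+-]?\d+\s*$")


class ScimRejected(ValueError):
    """Raised when a payload must not be provisioned."""


def validate_external_id(payload: dict) -> Optional[str]:
    """Return the externalId if acceptable, None if the attribute is absent.

    Raise ScimRejected when the value is not a string or is purely numeric,
    because a numeric value could be confused with an internal integer user ID.
    """
    ext = payload.get("externalId")
    if ext is None:
        return None
    if not isinstance(ext, str):
        raise ScimRejected(f"externalId must be a string, got {type(ext).__name__}")
    if NUMERIC_ID.match(ext):
        raise ScimRejected(f"externalId {ext!r} is purely numeric; refusing to provision")
    return ext


def triage(raw_payloads: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split raw JSON payloads into accepted user names and (user, reason) rejections."""
    accepted, rejected = [], []
    for raw in raw_payloads:
        payload = json.loads(raw)
        user = payload.get("userName", "<unknown>")
        try:
            validate_external_id(payload)
            accepted.append(user)
        except ScimRejected as exc:
            rejected.append((user, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_PAYLOADS)
    print("accepted:", ok)
    for user, reason in bad:
        print(f"rejected {user}: {reason}")
```

Rejecting at the edge is a stopgap that does not replace the vendor patch; it also logs a useful signal, since a legitimate identity provider has no reason to emit bare integers as externalId values.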
IN THE NEWS
CI/CD Security
What would happen if the internet suddenly stopped working?
On 18 November 2025 at 11:20 UTC, Cloudflare's network began experiencing significant failures to deliver core network traffic. Internet users trying to access websites served through Cloudflare saw an error page indicating a failure within Cloudflare's network. The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind. Instead, it was triggered by a permissions change to one of Cloudflare's database systems, which caused the database to output multiple entries into a "feature file" used by its Bot Management system.
Shai-Hulud: The second coming - what you need to know Source: Cloudsmith
A significantly escalated wave of the Shai-Hulud software supply chain attack is currently impacting the npm ecosystem. Beginning around November 24, 2025, the campaign expanded its target surface and adopted new execution techniques. The immediate consequence is automated credential theft, supply-chain propagation, and potential destructive data loss across developer environments and CI/CD systems. Dev teams who install impacted npm packages, including those from Zapier, ENS Domains, Postman, and PostHog, may be affected.
malcontent discovers supply-chain compromises through the magic of context
In light of the recent Shai-Hulud incidents, Chainguard built the open-source tool Malcontent to help detect supply chain compromises in software by using contextual analysis, differential analysis, and over 14,000 YARA rules. It operates in three main modes: diff performs risk-weighted differential analysis between two program versions, analyze (as the subcommand is spelled) conducts a deep analysis of a program's capabilities (like gathering system info or using exec commands), and scan runs a basic scan for malicious content. Designed for CI/CD pipeline integration and supporting air-gapped networks, it can analyse code from most common languages and binary files in formats like ELF, Mach-O, and PE.
There are countless opinions on how to fix our supply chain problems. Everything from "it's fine" to "ban all open source". But there is one common thread every possible option has, and that's understanding what software is in your supply chain. And when we say "software in your supply chain" we really mean all the open source you're using. So how do we track all the open source we're using? There are many opinions around this question, but the honest reality at this point is SBOMs (Software Bills of Materials) won. So what does this have to do with us in the future?
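Tying the SBOM point to the Shai-Hulud item above: once you have an SBOM for a build, answering "do we ship any of the impacted npm packages?" becomes a lookup. The following is an added example, not code from Cloudsmith or from any SBOM tool. It parses a small CycloneDX JSON document, extracts the npm components from their package URLs (handling scoped packages, whose leading `@` is percent-encoded in a purl), and reports those matching a watchlist. The SBOM, the package names and versions, and the watchlist are all constructed placeholders; a real check would load the watchlist from the advisory for the incident in question.

```python
"""Added example (not Cloudsmith's or any SBOM tool's code): list npm components
in a CycloneDX JSON SBOM and flag those on a watchlist of package names/versions.
The SBOM and the watchlist below are constructed placeholders."""
import json
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import unquote

# Constructed CycloneDX 1.5 SBOM fragment; names and versions are placeholders.
SAMPLE_SBOM = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "express", "version": "4.19.2",
     "purl": "pkg:npm/express@4.19.2"},
    {"type": "library", "group": "@example-scope", "name": "widget-sdk", "version": "2.3.1",
     "purl": "pkg:npm/%40example-scope/widget-sdk@2.3.1"},
    {"type": "library", "name": "left-pad-clone", "version": "1.0.0",
     "purl": "pkg:npm/left-pad-clone@1.0.0"},
    {"type": "library", "name": "requests", "version": "2.32.3",
     "purl": "pkg:pypi/requests@2.32.3"}
  ]
}"""

# Constructed watchlist: package name -> affected versions (None means every version).
WATCHLIST: Dict[str, Optional[Set[str]]] = {
    "@example-scope/widget-sdk": {"2.3.1", "2.3.2"},
    "left-pad-clone": None,
}

_MISSING = object()


def parse_npm_purl(purl: str) -> Optional[Tuple[str, str]]:
    """Return (name, version) for a pkg:npm purl, or None for other ecosystems.

    Qualifiers ('?...') and subpaths ('#...') are dropped; the scope's '@' arrives
    percent-encoded as %40 and is decoded here.
    """
    if not purl.startswith("pkg:npm/"):
        return None
    rest = purl[len("pkg:npm/"):]
    rest = rest.split("?", 1)[0].split("#", 1)[0]
    name_part, sep, version = rest.rpartition("@")
    if not sep or not name_part:
        # No version present (or a stray leading '@'); treat the whole thing as the name.
        name_part, version = rest, ""
    return unquote(name_part), unquote(version)


def npm_components(sbom_json: str) -> List[Tuple[str, str]]:
    """Extract (name, version) pairs for every npm component in the SBOM."""
    sbom = json.loads(sbom_json)
    found = []
    for comp in sbom.get("components", []):
        parsed = parse_npm_purl(comp.get("purl", ""))
        if parsed:
            found.append(parsed)
    return found


def find_watchlisted(sbom_json: str, watchlist=WATCHLIST) -> List[Tuple[str, str]]:
    """Return npm components whose name (and, if listed, version) is on the watchlist."""
    hits = []
    for name, version in npm_components(sbom_json):
        affected = watchlist.get(name, _MISSING)
        if affected is _MISSING:
            continue
        if affected is None or version in affected:
            hits.append((name, version))
    return hits


if __name__ == "__main__":
    for name, version in find_watchlisted(SAMPLE_SBOM):
        print(f"watchlisted component present: {name}@{version}")
```

Matching on the purl rather than on the bare `name` field is deliberate: the purl carries the ecosystem, so a PyPI package that happens to share a name with an npm package does not produce a false hit.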
Kubernetes
Kubernetes 1.35: What you need to know Source: Cloudsmith
Kubernetes 1.35 will be released on December 17th, and this release brings a whole bunch of useful enhancements, including 30 changes tracked as 'Graduating' in this Kubernetes release. Of these, just 15 enhancements are graduating to stable, such as the addition of a Kubelet option to specify the maximum age an unused image is kept before it is garbage collected. This is beneficial to cluster admins because unused images can now be garbage collected in a timely manner, no longer occupying disk space forever.
To prioritise the safety and security of the ecosystem, Kubernetes SIG Network and the Security Response Committee are announcing the upcoming retirement of Ingress NGINX. Best-effort maintenance will continue until March 2026. Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered. Existing deployments of Ingress NGINX will continue to function and installation artifacts will remain available.
GKE had already supported production clusters with up to 65,000 nodes, as announced last year in the official Google Cloud blog, claiming over 10 times the scale of competitors. The new 130,000-node run, executed in experimental mode, pushed this boundary further. This announcement arrives amid surging demand for massive compute resources driven by artificial intelligence workloads.
DRA is GA! Kubernetes WG device management - GPUs, TPUs, NICs and more Source: YouTube
Watch this session from Kubecon NA if you’re interested in optimising the use of specialised hardware for AI workloads within Kubernetes. The talk from Intel, Nvidia and Google provides some crucial updates on the state of the Dynamic Resource Allocation (DRA) feature, which has reached General Availability (GA) in Kubernetes 1.34, making it significantly easier to configure, allocate, and share these resources efficiently. You’ll get a roadmap of future features planned for Kubernetes 1.35 and beyond, offering a valuable opportunity to learn about the newest advancements and even influence the direction of accelerated workload support.
AI, LLMs & MCP
Securing the intersection of AI models and software supply chains
The adoption of artificial intelligence is seen in just about all industries, with software engineering experiencing large benefits from AI assistants. Tools like Anysphere’s Cursor and Anthropic’s Claude are driving a fundamental shift in how engineering teams build and ship software. However, as development teams rush to integrate LLMs and generative capabilities into their products, a critical blind spot is emerging in the software supply chain.
Disrupting the first reported AI-orchestrated cyber espionage campaign
Anthropic recently published a post on how the threat actor, whom they assess with high confidence to be a Chinese state-sponsored group, manipulated their Claude Code tool into attempting infiltration of roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. Anthropic believes this is the first documented case of a large-scale cyberattack executed without substantial human intervention.
OpenAI Mixpanel security incident - what you need to know Source: Scalevise
The recent Mixpanel incident connected to OpenAI API accounts is a clear reminder that even non-critical metadata leaks can introduce real security exposure. This was not a breach inside OpenAI. It was an analytics vendor issue. Yet the downstream risk applies to every engineering team relying on external tools to support their API stack. OpenAI confirmed that its own systems, API environments, and customer data were not compromised.
Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, and it takes a direct approach to exposing weaknesses. The tool runs on a local machine and uses LLMs to simulate attacks as well as evaluate the results. It applies techniques drawn from recent research on jailbreaking and prompt injection, which gives teams a way to uncover issues such as bias or exposure of personal data. Once DeepTeam finds a problem, it offers guardrails that can be added to production systems.
Supply chain attacks are getting faster and harder to spot - so in this hands-on Capture the Flag workshop, you’ll defend a real cluster using open source tooling.
If you missed our recent webinar, you can still watch on demand to see how Cloudsmith enables proactive security to detect and prevent typosquatted software packages from being ingested and consumed by software developers, ultimately improving reliability in your software supply chain.
Catch up on this year’s most attended webinar to learn how GenAI is reshaping artifact pipelines, why scale and performance now matter more than ever, and how teams are automating policy, provenance, and compliance to stay ahead of growing supply chain risk. Unlock what modern, cloud-native tooling makes possible beyond the limits of legacy systems.
Signed, sealed, and delivered - see you next issue.