Security insights from the Juliet team
Kubernetes security, supply chain threats, compliance, and lessons from the field.
We Tested Dirty Frag in Kubernetes: EKS and GKE Were Exploitable When Seccomp Was Unset
We tested Dirty Frag on EKS, GKE, Talos, and kind. EKS and GKE reached container root when seccomp was unset or Unconfined; RuntimeDefault blocked the tested xfrm chain; PSS Restricted blocked the full PoC on GKE and blocked tested prerequisites on EKS and Talos; and Talos blocked Unconfined because user namespaces were disabled.
Argo CD CVE-2026-43824: Read-Only App Access Could Expose Kubernetes Secrets
We reproduced CVE-2026-43824 in isolated Argo CD 3.2 and 3.3 labs. A read-only Argo CD account with applications get could use ServerSideDiff to receive cleartext managed Secret data when IncludeMutationWebhook=true. Fixed releases 3.2.11 and 3.3.9 masked the same path.
We Tested Copy Fail in Kubernetes: PSS Restricted and RuntimeDefault Did Not Block AF_ALG
Copy Fail is a Linux kernel page-cache corruption bug. We reproduced the primitive on Talos/containerd and EKS/Amazon Linux 2023/containerd: a non-root PSS Restricted pod reached AF_ALG, modified cached bytes for a shared image-layer file, and another pod on the same node observed the change. In controlled labs on both clusters, a separate allowPrivilegeEscalation pod consumed a mutated purpose-built setuid helper and reached euid 0. Here is what we tested, what we did not test, and how to defend Kubernetes nodes without overclaiming.
The Checkmarx Compromise: Two Waves, Three Artifacts, and the Bitwarden Chain
A two-wave supply chain attack by TeamPCP. Checkmarx GitHub Actions were force-pushed with infostealers on March 23, 2026. One month later the same attackers used stolen credentials to trojanize checkmarx/kics Docker images, re-compromise ast-github-action, and publish a malicious @bitwarden/cli 2026.4.0 npm package. Here is the full timeline, the exact affected versions, and how to scan your pipelines with abom.
Vercel's April 19 Security Incident: What Customers Should Do
A six-week supply-chain chain — from a Lumma Stealer infection at Context.ai in February 2026, through a compromised consumer AI Office Suite OAuth token, into a Vercel employee's shadow-IT signup and from there into Vercel's internal environments. Fully sourced with primary statements from Vercel, Context.ai, The Register, and Hudson Rock, with what customers should rotate and the Google Workspace OAuth audit every org should run.
Kyverno's 2026: Five Bugs, Eight Advisories, One Design Flaw
Ten Kyverno security advisories have been published in 2026. Eight of them trace to five distinct bugs in the same subsystem: user-controlled fields in a namespaced Policy that the admission controller's cluster-privileged ServiceAccount resolves without scope checks. The ConfigMap bypass disclosed this week (GHSA-cvq5-hhx3-f99p) is the newest variant.
Building Runtime Enforcement for Kubernetes with eBPF
How we replaced a Falco sidecar with an embedded eBPF sensor, built a five-stage event pipeline, and learned the hard way why namespace scoping matters for enforcement.
Axios Compromised: Finding It in Your Running Kubernetes Clusters
Malicious axios versions deployed a cross-platform RAT via npm for three hours. Your lockfile might be clean, but what about the container images already running in your clusters?
Introducing the ABOM: Why Your CI/CD Pipelines Need a Bill of Materials
SBOMs catalog your application dependencies. ABOMs catalog your pipeline dependencies. After the Trivy supply chain compromise, we built a tool to close that gap.
The Trivy Compromise: What Kubernetes Security Teams Need to Know
Trivy, the most widely used open-source container vulnerability scanner, was hit by a multi-stage supply chain attack. Here's what happened, who's affected, and what to do right now.