
617 matches found

Wiz blog
added 2025/08/25 12:0 p.m., 2 views

Unpacking the 2025 Gartner Market Guide for CNAPP

From siloed tools to a unified platform: Key takeaways from Gartner's new CNAPP report...

7.2 AI score
Exploits 0

Akamai Blog
added 2025/08/22 10:20 a.m., 3 views

Key Takeaways from KubeCon + CloudNativeCon India 2025

...

7 AI score
Exploits 0

Rapid7 Blog
added 2025/08/21 5:0 p.m., 2 views

Rapid7 named a representative vendor in 2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)

Being a cloud security professional can feel like you’re caught in the middle of a tug-of-war. On one side, developers, driven by the need for speed and innovation, see security as a potential bottleneck; on the other, business leaders, who are often removed from the technical weeds, have little...

7 AI score
Exploits 0

Positive Technologies
added 2025/08/20 12:0 a.m., 11 views

PT-2025-34070 · Undefined · Undefined

🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...

9.8 CVSS, 7.7 AI score, 0.0178 EPSS
Exploits 0, References 1

CNNVD
added 2025/08/10 12:0 a.m., 2 views

LitmusChaos Security Vulnerability

LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from improper handling of the parameter projectID, which could lead to improper control of...

5.3 CVSS, 4.8 AI score, 0.00216 EPSS
Exploits 1, References 6

Vulnrichment
added 2025/07/23 8:38 p.m., 2 views

CVE-2025-32019 Harbor's repository description page allows for XSS

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...

4.1 CVSS, 5.5 AI score, 0.0016 EPSS
Exploits 0, References 4

Vulnrichment
added 2025/07/23 8:35 p.m., 2 views

CVE-2025-47281 Kyverno's Improper JMESPath Variable Evaluation Leads to Denial of Service

Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due to improper handling of JMESPath variable substitutions. Attackers with permissions to create or update Kyverno policies can craft...

7.7 CVSS, 6.2 AI score, 0.00124 EPSS
Exploits 1, References 2

CVE
added 2025/07/23 8:35 p.m., 87 views

CVE-2025-47281

CVE-2025-47281 affects Kyverno up to version 1.14.1, where DoS can be triggered by crafted JMESPath expressions using {{@}} with an invalid function, causing a nil substitution and a panic in getValueAsStringMap that crashes Kyverno worker threads and reports controller pod. The issue is fixed in...

7.7 CVSS, 6.2 AI score, 0.00124 EPSS
Exploits 1, References 2, Affected Software 1

Qualys Blog
added 2025/07/01 3:57 p.m., 3 views

Qualys Named an Overall Leader in CNAPP by KuppingerCole

We’re proud to share that Qualys has been named an Overall Leader in the 2025 KuppingerCole Leadership Compass for Cloud-Native Application Protection Platforms (CNAPP)—achieving leadership positions in both product and market presence. This recognition validates our commitment to delivering truste...

8 AI score
Exploits 0

Imperva Blog
added 2025/07/01 7:0 a.m., 5 views

Elastic WAF: Reshaping Application Security for DevOps and Hybrid Environments

We recently discussed Imperva’s vision for the future of application security, where we also covered the Imperva Security Engine. This innovative application security framework is powering up the next generation of Imperva solutions, the first of which is Imperva Elastic WAF. This blog is the fir...

7 AI score
Exploits 0

Wolfi
added 2025/06/14 1:46 p.m., 15 views

GHSA-62JJ-GR2R-5C34 vulnerabilities

Vulnerabilities for packages: s5cmd, capslock, metrics-server, influx, kustomize, falco-exporter, newrelic-infra-operator, kubernetes-csi-driver-nfs, frp, docker-cli-buildx, addon-resizer, http-echo, oauth2-proxy, gotestsum, prometheus-blackbox-exporter, cortex, hivemind, trivy, xcaddy,...

5.4 AI score
Exploits 0

Circl
added 2025/06/11 12:17 p.m., 6 views

CVE-2025-47950

creationtimestamp | type | source
---|---|---
2025-06-11 12:17:31+00:00 | seen | https://bsky.app/profile/cloud-native.activitypub.awakari.com.ap.brid.gy/post/3lrdf7pspa5i2...

7.5 CVSS, 7.3 AI score, 0.00151 EPSS
Exploits 0, References 1

Rapid7 Blog
added 2025/06/10 6:30 p.m., 4 views

Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR

Cloud adoption has fundamentally reshaped security operations, bringing flexibility and scalability, but also complexity. In this session from the Take Command 2025 Virtual Cybersecurity Summit, Rapid7’s product leaders discussed how today’s SOC and MDR capabilities must evolve to keep up. Hosted...

6.8 AI score
Exploits 0

Wiz blog
added 2025/05/29 11:0 a.m., 13 views

Introducing Wiz Service Catalog: Democratize Cloud Security with Application Service Visibility

Empower platform teams and developers to reduce noise, scale ownership, and accelerate remediation across cloud-native apps...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/05/23 10:28 a.m., 4 views

CVE-2024-45054

Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...

6.7 CVSS, 6.7 AI score, 0.00078 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 10:9 a.m., 11 views

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...

5.3 CVSS, 6.9 AI score, 0.20276 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:38 a.m., 4 views

CVE-2019-19025

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform...

8.8 CVSS, 6.8 AI score, 0.00188 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:36 a.m., 6 views

CVE-2019-19023

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform...

8.8 CVSS, 6.8 AI score, 0.00423 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:24 a.m., 7 views

CVE-2019-19029

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform...

7.2 CVSS, 8 AI score, 0.00404 EPSS
Exploits 0, References 1

CNVD
added 2025/05/14 12:0 a.m., 1 views

IBM Concert Software Path Traversal Vulnerability

IBM Concert Software is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improperly handling URL requests that contain dot sequences, a...

5.3 CVSS, 6.8 AI score, 0.00096 EPSS
Exploits 0, References 1