JulietSecurity

Your GitHub Actions have dependencies you can't see. A single `uses:` line in your workflow can resolve to 5-6 nested actions. If any of them get compromised, grep won't find it. We built abom to map the full dependency tree - an SBOM for your CI/CD pipeline. github.com/JulietSecurity…

scope: container root proven on EKS + GKE. NOT host root. NOT container escape. AF_RXRPC unavailable on every cluster we tested — RxRPC fallback stayed unvalidated. full writeup: juliet.sh/blog/we-tested…

talos even with Unconfined seccomp: user.max_user_namespaces=0. unshare(USER) returns EPERM regardless of seccomp. xfrm chain has nowhere to start. we said this on copy fail — talos disabling things at the OS layer keeps showing up as the cleaner fix.

we tested dirty frag (page-cache LPE) on EKS, GKE, and talos. results: - seccomp Unconfined → container root on EKS + GKE - seccomp RuntimeDefault → xfrm chain blocked at unshare(USER|NET) - PSS Restricted → blocked talos surprised us.

@twtayaan the inventory step that gets skipped: grep your Applications for the `IncludeMutationWebhook=true` annotation. without it the bug doesn't fire in our lab. that narrows the population faster than auditing every Argo CD project + every managed Secret.

🚨 Argo CD users have a serious problem. - Low-privilege users could read Kubernetes resources outside their app scope - ServerSideDiff=true made it worse - Plaintext Secrets could be exposed with zero redaction Affected: - 3.2 < v3.2.11 - 3.3 < v3.3.9 Fix: > Upgrade now > Disable ServerSideDiff=true > Tighten RBAC > Rotate Secrets if enabled This one is bad. github.com/argoproj/argo-…

Argo CD CVE-2026-43824: did read-only app access overlap with managed Kubernetes Secrets? In our labs, IncludeMutationWebhook=true was the key condition. Fixed 3.2.11 / 3.3.9 masked the same path. juliet.sh/blog/we-tested…

Argo CD users: CVE-2026-43824 is worth checking today. Affected: 3.2.0-3.3.8 Fixed: 3.2.11 / 3.3.9 Upgrade first. Then inventory the exposure path: - who has application get - apps with IncludeMutationWebhook=true - managed apps containing Kubernetes Secrets

May 1 update: vendor guidance is moving quickly, but the Kubernetes finding is unchanged. RuntimeDefault/PSS Restricted did not remove AF_ALG reachability in our tests. Patch the kernel first; if patching is delayed, verify the mitigation on each node family.

we tested CVE-2026-31431 ("Copy Fail") on real Kubernetes clusters. PSS Restricted didn't block it. RuntimeDefault didn't block it. cross-pod mutation works without hostPath, just shared image layers.

Copy Fail update, May 1: Vendor guidance is moving fast, but the Kubernetes lesson is unchanged. - Debian's tracker lists trixie-security fixed at 6.12.85-1 - Ubuntu says it shipped a kmod mitigation while kernel package fixes follow - AlmaLinux says patched kernels are available in its testing repo - CloudLinux warns rmmod/modprobe mitigations do not work where algif_aead is built in - Sidero recommends Talos 1.12.7+ or 1.13.0+ RuntimeDefault/PSS Restricted still did not remove AF_ALG reachability in our tests.

@julianor Yes. The useful distinction from our tests: user namespaces and allowPrivilegeEscalation=false changed impact, not reachability. AF_ALG was still reachable. The controls that removed the path were the patched kernel or an explicit seccomp deny for AF_ALG.

Good information from Juliet Security on Copy Fail container escape potential and Kubernetes mitigations. Patch, yes. But also use this as a design review: what still holds if a pod becomes the node?

K8s side: RuntimeDefault didn't block AF_ALG, PSS Restricted didn't either. cross-pod page-cache mutation worked on Talos + EKS without hostPath. full writeup with hex dumps + seccomp policy: juliet.sh/blog/we-tested…

mitigation is a Localhost seccomp profile denying socket() where arg0=38. full repro on both clusters with hex dumps and the policy file: juliet.sh/blog/we-tested…

non-root pod with allowPrivilegeEscalation:true + a cached setuid helper whose bytes got mutated = euid 0. PSS Restricted alone doesn't stop it. allowPrivilegeEscalation:false breaks the chain even after page-cache mutation.

@Bitwarden adding the upstream context for CI teams: bitwarden cli was the payload stage. the entry point was checkmarx's GitHub Actions composite chain. if your pipeline ran those, transitive action deps are the invisible part. github.com/JulietSecurity… enumerates them.

Bitwarden identified and contained a malicious package briefly distributed through the npm delivery path for the Bitwarden CLI in connection with the broader Checkmarx supply chain incident. No user vault data or production systems were compromised or at-risk. Additional details and updates are available here: community.bitwarden.com/t/bitwarden-st…

@Dinosn bitwarden was downstream of the entry point. attacker was inside checkmarx's GitHub Actions composite chain for a month. most CI pipelines can't enumerate transitive action dependencies (composite and reusable workflows nest 2-3 deep). github.com/JulietSecurity… maps the tree.

Checkmarx supply chain attack impacts Bitwarden npm distribution path securityaffairs.com/191215/uncateg…

the propagation mechanism is worse than it looks. compromised actions can be pulled transitively through composite actions, so a repo that never explicitly references kics-github-action can still be exposed if some action it does use imports it. github.com/JulietSecurity… maps the full dependency tree.

🗞️ Checkmarx KICS Docker images and VS Code extensions were compromised by "TeamPCP" to steal developer credentials and GitHub tokens. This supply chain attack injects malicious workflows into enterprise repositories to facilitate further propagation.