Ram Shankar Siva Kumar 🦝

Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP

9

1 Comment

Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP

6

1 Comment

Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP

3

[XRSecurity Workshop 2025] Call For Papers (Deadline: August 1, 2025) Extended Reality (XR) is a comprehensive term that includes Augmented Reality (AR), Mixed Reality (MR), and Virtual Reality (VR). XR bridges physical and digital worlds, creating interactive, immersive experiences that merge with the real world. It offers numerous applications across education, training, manufacturing, collaborative 3D design, art, and multiplayer gaming. Despite these benefits, XR systems introduce unique security, privacy, and trust challenges due to the intimate connection between users, their XR devices, and their immediate environments. The potential attacks can involve information flooding to induce latency and physical discomfort, injecting misleading virtual content to distract or deceive users, subverting personal area networks to create confusion, spoofing alarms, assessing user status through eye tracking, and accessing onboard cameras to gather environmental information without the user's awareness. Additionally, XR apps can access sensitive real-time inputs like eye gaze, head movement, hand gestures, and even biosignals, and users' immediate environment. These signals, while critical for immersive experiences, open up novel attack surfaces such as keystroke inference, emotional profiling, and behavioral tracking. This workshop will explore the security, privacy, and trust challenges in XR systems, along with potential solutions. Topics of interest include, but are not limited to: -- Threat modeling and risk assessment in XR environments -- Secure data transmission and storage in XR systems -- Privacy-preserving techniques for XR applications -- Authentication and access control mechanisms for XR -- AI-driven security solutions for XR -- Case studies and real-world applications of secure XR systems -- Side-channel vulnerabilities and mitigation strategies in XR systems -- Security in shared or collaborative XR environments -- Human-centered and usable security designs for XR -- Security and privacy in edge-assisted and cloud-connected XR platforms Important dates -- Submission deadline: August 1, 2025 -- Acceptance notification: August 22, 2025 -- Camera-ready manuscript deadline: August 29, 2025 -- Workshop: October 30, 2025 You can find more information on the workshop website https://lnkd.in/ejmpHq4b The workshop will be co-located with ACM MobiHoc 2025, October 27-30, 2025, Houston, USA. Organizers: Maria Gorlatova (Duke), Bin Li (Penn State), and Ming Li (UT Arlington)

11

Honored to have completed a peer review for an international conference paper on remote workforce security within a governance and control framework for #ICECET 2026, organized by the IEEE Italy Section and scheduled in Rome, Italy (6–9 July 2026). Istanbul Medipol University Operations Research Society and served as a Review Committee Member. The paper focused on strengthening security governance for distributed teams, aligning controls with organizational risk posture, compliance needs, and evolving remote work threats. Grateful for the opportunity to contribute to the review process of a multidisciplinary, peer‑reviewed IEEE conference that brings together global researchers and practitioners in electrical, computer, and energy technologies. Looking forward to more collaborations at the intersection of cybersecurity, remote work, and governance frameworks.

87

2 Comments

Edge cases used to live in footnotes. Now they define the outcome. I wrote this piece after watching how quickly a rare scenario can become an everyday problem once technology moves into the physical world. When systems operate at scale, the unexpected is no longer optional. It is inevitable. The Waymo incident in San Francisco is not really about autonomous vehicles. It is about the limits of legal forecasting when we assume that “normal operations” will hold. They rarely do. Legal teams are being asked to advise on products that interact with infrastructure, people, and public trust in real time. Static risk registers and historical assumptions are not enough. We need to plan for stress, ambiguity, and failure before they happen. I explore this in the article here: https://lnkd.in/ggRiNQXF If you want to go deeper, we built a full Decision Lab that lets legal teams work through these scenarios as live judgment calls, not hypotheticals: https://lnkd.in/gRcERJB9 And if you want to experiment with this approach directly, we are opening a public beta of Coach Frankie. It is designed to teach legal judgment, not provide canned answers. https://lnkd.in/gkPe4CYP The core shift is simple but uncomfortable: the edge case is no longer at the edge. It is the work. — Olga V. Mack I build legal systems for real life.

26

6 Comments

"Agentic AI Frameworks: Architectures, Protocols, and Design Challenges" provides a concise comparison of Agentic AI frameworks and Agent Communication Protocols. Key insights from this paper include: • Modern agents are defined as autonomous and collaborative entities, equipped with reasoning and communication capabilities, able to dynamically interpret contexts, orchestrate tools, and adapt behavior through memory and interaction across distributed systems. • Memory is foundational for context-aware, adaptive agent behaviour, with frameworks implementing various approaches like short-term, long-term, semantic, procedural, and episodic memory. • Agent communication protocols are evolving to enable peer discovery, context sharing, and coordinated action, moving towards service-oriented interoperability, though fragmentation persists. • Guardrails are essential for ensuring agents act safely and predictably, with frameworks like AutoGen and LangGraph offering native support, highlighting a need for standardised safety layers. • Despite widespread applications in areas like software engineering, finance, and intelligent transportation, critical limitations remain. These include architectural rigidity, lack of runtime discovery, code safety risks from generated code, and significant interoperability gaps between frameworks. Read the paper: https://lnkd.in/gHkcK_a3

28