https://cybercrime.club/tags/serviceaccount/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usSun, 26 Apr 2026 10:00:00 -0400https://cybercrime.club/deep-dives/controller-token-leak-confused-deputy-kubernetes/Sun, 26 Apr 2026 10:00:00 -0400https://cybercrime.club/deep-dives/controller-token-leak-confused-deputy-kubernetes/Six CVEs in three months, four against a single Kyverno feature, plus OpenShift AI and Argo CD: every modern Kubernetes platform is shipping helper code that hands its controller's bearer token to attacker-controlled URLs. The bug class isn't going to fix itself.