https://cybercrime.club/tags/token-leak/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usFri, 17 Apr 2026 07:08:52 -0400https://cybercrime.club/posts/kyverno-cve-2026-40868-apicall-bearer-token-confused-deputy/Fri, 17 Apr 2026 07:08:52 -0400https://cybercrime.club/posts/kyverno-cve-2026-40868-apicall-bearer-token-confused-deputy/A high-severity flaw in Kyverno's apiCall servicecall helper implicitly attaches the controller's ServiceAccount bearer token to policy-controlled outbound URLs, letting any ClusterPolicy author exfiltrate the token and impersonate the Kyverno controller.vulnerabilities