Security A-Z

Practical definitions for cloud, AI, identity, and hybrid security. Written by security practitioners.
  • An attack where a threat actor uses a reverse proxy to intercept communication between a user and an authentication service in real time, capturing session cookies and bypassing multi-factor authentication. AiTM phishing represents a major escalation in identity threats targeting cloud and SaaS environments.

  • An AWS IAM permission that allows a user or service to assign an existing IAM role to an AWS service. When misconfigured, it becomes a privilege escalation vector, allowing an attacker to pass a high-privilege role to a service like Lambda or EC2 and execute actions beyond their own permissions.

  • A Kubernetes control plane component that embeds cloud-specific logic, bridging cluster operations with cloud provider APIs for managing load balancers, storage volumes, and node lifecycle. It is the key abstraction layer that allows Kubernetes to work consistently across AWS, Azure, GCP, and other providers.

  • A unified security platform that consolidates cloud security posture management (CSPM), cloud workload protection (CWPP), and cloud infrastructure entitlement management (CIEM) into a single solution, providing visibility across the full application lifecycle from code to runtime.

  • A Kubernetes controller that guarantees a copy of a Pod runs on every node in the cluster. From an offensive security perspective, a malicious DaemonSet provides cluster-wide code execution, automatic persistence, node breakout via host mounts, and credential harvesting across all nodes.

  • A modern cybersecurity approach that applies software engineering practices to security detections, treating detection rules, queries, and logic as version-controlled, testable, and deployable code through CI/CD pipelines rather than relying on manual rule creation in SIEM interfaces.

  • A cybersecurity attack where an LLM is tricked into following hidden malicious instructions embedded in external data it processes, such as documents, emails, or uploaded files. This technique poisons the data the model retrieves, exploiting the inability of LLMs to distinguish trusted instructions from untrusted content.

  • A piece of code that intercepts requests to the Kubernetes API server before an object is persisted, acting as a gatekeeper that enforces security, governance, and operational policies. Admission controllers can validate or mutate resources, blocking non-compliant workloads before they enter the cluster.

  • A social engineering technique where attackers repeatedly send MFA push notifications to a target's device until the target approves the request out of exhaustion. Used in the 2022 Uber and Cisco breaches, this attack exploits human psychology rather than cryptographic weakness, and has evolved alongside defenses like number matching.

  • An Oracle Cloud Infrastructure IAM feature that lets a compute instance authenticate and make authorized API calls without storing static credentials. Instance Principals eliminate the need for API key management by using certificates automatically issued and rotated by OCI.

  • A Linux container, typically in Kubernetes, that is granted nearly all capabilities of the host system's root user, removing the isolation boundary between the container and the underlying node. From a security perspective, a compromised privileged container gives an attacker direct access to the host kernel, filesystem, and network.

  • A Kubernetes mechanism that automatically adds a secondary container to a Pod at creation time. From an offensive perspective, an attacker with sufficient cluster privileges can inject malicious sidecar containers into trusted workloads to intercept traffic, steal credentials, and maintain persistent access.

Pwned Labs
Your cloud security training ground

Experience real-world, byte-sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career, and stay ahead of threats.