runc container escape explained: Critical container vulnerabilities & host takeover risk

Containers are supposed to be isolated — but what happens when that isolation breaks? In this video, we explain critical container escape vulnerabilities in runc, the default container runtime used by Docker and Kubernetes, and why they represent a serious container security risk. Recent disclosures known as the “Leaky Vessels” vulnerabilities show how a compromised container can escape its sandbox, access the host filesystem, and potentially take over the node.

Kubernetes 1.35 Security Changes: cgroup, WebSockets, Image Pull Auth + More

It’s December, and Kubernetes 1.35 is almost here - with security changes that can break workloads or access paths if you upgrade unprepared. This video is a fast, practical security edition rundown for security and platform engineers: what changed, why it matters, and what to verify before you roll 1.35 into production. In this video (Kubernetes 1.35 security highlights): If you want a deeper dive, comment with what you’re running today (managed K8s vs self-managed, distro, container runtime, auth setup) and I’ll break down the safest upgrade path.

Falco for Kubernetes runtime security (eBPF, Rules, Tuning & Alerts)

Runtime attacks don’t wait for your next scan. Falco detects suspicious behavior in real time across Kubernetes, containers, and Linux hosts—using syscall signals (eBPF/kernel module) plus a rule engine and plugins. In ~10 minutes, you’ll learn how Falco works end-to-end, where it fits in a modern cloud-native security stack, and how to operationalize it without drowning in noise. In this video: Getting started checklist (practical).