Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-1974 is a critical remote code execution (RCE) vulnerability in Kubernetes’ Ingress-NGINX Controller that allows unauthenticated attackers with network access to inject arbitrary NGINX configuration directives, potentially leading to full cluster compromise. Ingress-NGINX is a software-only ingress controller provided by the Kubernetes project. Because of its versatility and ease of use, ingress-nginx is quite popular: it is deployed in over 40% of Kubernetes clusters.

On March 24, 2025, ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Ingress is a Kubernetes feature that defines how workload Pods are exposed to the network, while an Ingress Controller implements those rules by configuring the necessary local or cloud resources. According to Kubernetes, ingress-nginx is deployed in over 40% of Kubernetes clusters.

In my security research role at Corelight, I often have to go through large, complex data sets to detect subtle anomalies and threats. It reminds me of a famous quote by Abraham Lincoln: Give me six hours to chop down a tree and I will spend the first four sharpening the axe. For me, that means investing time up front to build tools that allow a large language model (LLM) to do the heavy lifting on key tasks, namely those that teams of analysts would have handled in the past.

On March 24, 2025, Wiz Research disclosed a series of critical vulnerabilities in Ingress NGINX Controller for Kubernetes, collectively dubbed: These unauthenticated Remote Code Execution (RCE) vulnerabilities have been assigned a CVSS base score of 9.8. According to Wiz Research, exploitation allows attackers to gain unauthorized access to all secrets across all namespaces in affected Kubernetes clusters, potentially leading to complete cluster takeover.

Today, Cato Networks has been honored by CRN with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value. This is the first time Cato has received a 5-star rating for our global partner program and that’s because we empower our partners to deliver a best-in-class SASE platform to customers.

As organizations strengthen endpoint and cloud security, attackers are shifting their focus to often-overlooked network infrastructure like routers, switches, and firewalls. Legacy vulnerability management (VM) solutions struggle to keep pace, relying on slow, periodic scans that fail to provide real-time visibility into emerging threats.

When IT leaders hear the term “single-vendor SASE,” many assume it implies an immediate, all-encompassing migration—a daunting project requiring the wholesale replacement of existing network and security infrastructure. This misconception can lead to hesitation in embracing a more modern and efficient approach to secure access. The reality, however, is quite different: SASE (Secure Access Service Edge) is a journey, not a single project.

Choosing the right WAF solution is not just about ticking a checkbox—it’s about ensuring real-time security, threat intelligence, and seamless operations. A poorly chosen WAF can lead to downtime, false positives, compliance gaps, and missed zero-day threats. So, before you commit to a WAF provider, ask these critical questions to ensure your web applications and APIs are protected against evolving cyber threats.