Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Within 24 hours, three new high-severity vulnerabilities were disclosed in runc, the low-level runtime that underpins most container platforms, including Docker, containerd, Kubernetes, and nearly every major cloud provider’s managed Kubernetes service. These vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) allow a malicious container image to break out of the container boundary and affect the host machine directly.

Hi there, We’ve just dropped a fresh batch of updates to help you cut through the noise, stay in control, and secure your cloud-native environments with more precision. Here’s what’s new in the ARMO Platform this month.

The recently published 2025 Latio Cloud Security Market Report, authored by industry analyst James Berthoty, captures a major transformation: cloud security is leaving behind static visibility tools and moving toward runtime-driven risk reduction. The report traces five years of evolution – from dashboards full of misconfigurations to platforms that can detect, prioritize, and mitigate threats in real time. Six key insights define this new era.

Linux kernel v6.17 is on the horizon (expected release by the end of September 2025 – Canonical said to release 25.10 with the new kernel in early October), and it brings some interesting security-focused improvements. This release continues Linux’s trend of hardening the kernel against both hardware-level vulnerabilities and general attack vectors, while refining security subsystems for better performance and maintainability.

These days it seems everyone is obsessed with MCP servers, me included. After studying the topic and building a few MCP servers myself, I have decided to share the knowledge I have gained with a series of blogs on MCP servers and their security implications.

Kubernetes v1.34 is coming soon, and it brings a rich batch of security upgrades – from alpha features that hint at the future of zero-trust Kubernetes, to mature enhancements making their way into stable releases. Whether you’re managing a production cluster or exploring new security patterns, this release has something worth your attention.

Cloud security is often divided into two: Runtime Security and Static Security. While both are crucial to protecting cloud environments, they differ significantly in their objectives, methodologies, and effectiveness against different types of threats. Understanding these differences helps organizations build a robust security strategy by leveraging the strengths of both.

Everyone talks about it, now one knows how others do it. Until now. Read on…

At ARMO, our mission is to make Kubernetes security more accessible, actionable, and effective. That’s why we’re excited to launch a major upgrade to our platform: Full Workload Inventory Visibility. This powerful new capability helps security and platform teams answer the question at the core of Kubernetes security.

Every DevSecOps, cloud security and even AppSec team knows the feeling: scanners flag hundreds – sometimes thousands – of critical issues across your pipelines, environments and apps. But how many of those findings actually matter? How many represent real, immediate risk to applications running in production? The uncomfortable answer? Very few. At ARMO, we’ve seen firsthand how over 60% of security findings are irrelevant hypothetical risks that will never be exploited.