A severe misconfiguration in Kubernetes, a popular service used by major tech companies like Google, could allow malicious actors unauthorized access to cloud-based applications. A threat actor with access to a Google account could abuse the misconfiguration by using their own Google OAuth 2.0 token to seize control of the cluster for further exploitation. Google is actively addressing the issues and has encouraged its users to deploy recommended detection rules.
Relevant URL: https://thehackernews.com/2024/01/google-kubernetes-misconfig