Rory McCune
@mccune.org.uk
Security geek, Containers, Kubernetes, Golang/Ruby, hillwalking

Home Page :- https://www.mccune.org.uk
Blog:- https://raesene.github.io
We've got a new blog out looking at Kubernetes versions in use in real-world clusters, and it's actually quite good news from a security perspective.

securitylabs.datadoghq.com/articles/a-2...
A 2025 look at real-world Kubernetes version adoption | Datadog Security Labs
securitylabs.datadoghq.com
November 10, 2025 at 11:10 AM
Reposted by Rory McCune
Kubernetes SIG Security is updating the OWASP Top 10 for Kubernetes, and we're seeking community input on it!

What do you think should be included? Fill out our survey here!
OWASP Kubernetes Top 10 2025 Survey
Kubernetes SIG Security Docs subproject is starting an update of the OWASP Kubernetes Top 10 and as such want to canvas ideas on what should be included. The goal of the Top 10 is to provide awarenes...
docs.google.com
October 31, 2025 at 8:44 PM
You've got just over a week to contribute feedback for the new OWASP Kubernetes Top 10 docs.google.com/forms/d/e/1F... . Thanks to all the people who have taken the time to contribute already!
October 23, 2025 at 12:34 PM
On the way home after a great @kcduk.bsky.social, thanks to all the organisers for putting on a lovely event in Edinburgh. Looking forward to hearing more about the next one once you’ve had time to recover from this one!
October 22, 2025 at 4:21 PM
Reposted by Rory McCune
I'm not sure about @randyshoup.bsky.social (who is a great speaker!) but I really had to work at presentations and talks. It didn't come naturally.

So don't worry if you're nervous or your first talks aren't amazing. It's something that definitely gets easier with practice!
As evidenced by you and me, amirite?
October 22, 2025 at 10:21 AM
Reposted by Rory McCune
@mt165.co.uk it's talking about trade and geography in Scotland. But he showed a map of Scotland without Shetland. Which is basically a diplomatic incident as far as I'm concerned.
October 21, 2025 at 9:08 AM
Reposted by Rory McCune
😈 Copilot Studio agents are great for users... and attackers! Check out our deep-dive on why you should be careful to trust unknown agents, plus background on upcoming app consent changes that will help prevent our demo scenario.
securitylabs.datadoghq.com/articles/cop...
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing | Datadog Security Labs
Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, we document a method by which a Copilot Studio agent's login settings can redirect a user...
securitylabs.datadoghq.com
October 20, 2025 at 1:24 PM
Reposted by Rory McCune
Our final ticket release is at 1337hrs on 11/11/25, they're only available on our Eventbrite page, if none are shown, they are all gone, no code is required to get one.
If you have a ticket and can no longer go, cancel your ticket so someone else can!
#BSidesLDN2025 #Tickets
October 17, 2025 at 8:51 AM
Reposted by Rory McCune
Holy guacamole, this could be the weirdest story I ever worked on. www.nytimes.com/2025/10/16/s...
A C.I.A. Secret Kept for 35 Years Is Found in the Smithsonian’s Vault
www.nytimes.com
October 16, 2025 at 10:50 AM
Reposted by Rory McCune
📚 The 2nd edition of 🔒Container Security 🔒 is out now! 📚
bookshop.org/p/books/cont...
Container Security: Fundamental Technology Concepts That Protect Cloud Native Applications
bookshop.org
October 12, 2025 at 5:31 PM
Reposted by Rory McCune
Folks who think "cats are not loving" have never been loved by a cat.
October 9, 2025 at 7:25 PM
Reposted by Rory McCune
Our State of Cloud Security 2025 study is out!

www.datadoghq.com/state-of-clo...

• On AWS, 40% of organizations leverage data perimeters
• 11% of Google Cloud GKE and 23% of Google Cloud VMs are overprivileged
• On Azure, 1.3% of storage containers are public, 58% proactively block public access
State of Cloud Security | Datadog
For our 2025 report, we analyzed AWS, Google Cloud, and Azure data from thousands of organizations to understand the latest trends in cloud security posture.
www.datadoghq.com
October 8, 2025 at 9:10 PM
Reposted by Rory McCune
When it comes to #K8s security, we don’t just say we care. We double down on what makes a system fundamentally secure.

And that's the topic of our next webinar.

📅 Thurs Oct 9 @ 18:00 CEST
🎙️ Justin Garrison + Rory McCune

Join us --> streamyard.com/watch/cmw4tY...
Is your Kubernetes secure?
Kubernetes is not secure by default. Default configurations often lack the stringent security controls needed to protect across bare metal and edge. Its broad attack surface demands additional…
streamyard.com
October 8, 2025 at 8:01 AM
Calling all Kubernetes security interested folk. We're planning the next version of the OWASP Kubernetes Top 10, and have a survey to solicit ideas and feedback here docs.google.com/forms/d/e/1F... . Shouldn't take more than a couple of minutes to fill out and all feedback's welcome!
OWASP Kubernetes Top 10 2025 Survey
We're looking to update the OWASP Kubernetes Top 10 and as such want to canvas ideas on what should be included. The goal of the Top 10 is to provide awareness on the most serious risks that Kubernet...
docs.google.com
October 6, 2025 at 1:10 PM
Reposted by Rory McCune
The team formerly behind RubyGems has come together to launch a new gem server for the Ruby community!

gem.coop

I am *super* excited about this!
October 6, 2025 at 4:33 AM
Reposted by Rory McCune
Discord customer service data breach leaks user info and scanned photo IDs
An “unauthorized party” may have accessed the names of users, the last four digits of credit card numbers, and more.
buff.ly
October 4, 2025 at 12:00 AM
Reposted by Rory McCune
Want to talk security? Join our next webinar.

📅 Thurs, Oct 9 @ 18:00 CEST
🎙️ @justingarrison.com and @mccune.org.uk

As we cover
- Where #Kubernetes is and isn't secure
- Features that make a difference
- Practical steps you can apply today

Get your spot: streamyard.com/watch/cmw4tY...
October 1, 2025 at 8:02 AM
Reposted by Rory McCune
#BSidesLDN2025 second ticket release today!
Last tickets will be out on 1st Nov.
No code is needed, if tickets are available, they will be revealed when you hit "Get tickets".

Tickets are ONLY available via Eventbrite!
bit.ly/BSidesLDN2025Tkts

#Security #BSides #London #Tickets
October 1, 2025 at 8:58 AM
Reposted by Rory McCune
It’s finally here! ⚡️Enlightning returns in TWO HOURS!

I’ll be live with @aparker.io exploring Generative AI + OpenTelemetry: tracing, conventions, and even feeding telemetry back into coding assistants.

Don’t miss it!
youtu.be/S6zyprFIapM
September 30, 2025 at 5:31 PM
Reposted by Rory McCune
tired: it's always DNS

inspired: ICANN feel it coming in the air tonight
September 29, 2025 at 11:02 AM
Reposted by Rory McCune
Having met with both sides on the current RubyCentral/RubyGems situation, here's my take:

- RubyCentral have managed this exceptionally poorly in many ways including removing literally the most active member of the RubyGems organisation by mistake who has declined to return
September 19, 2025 at 7:04 PM
Reposted by Rory McCune
Hey, #ruby folks! I've been one of the #RubyGems maintainers for the last decade.

Ruby Central has forcefully taken control of the RubyGems organization on GitHub, the `rubygems-update` and `bundler` gems on rubygems[.]org, and more.

You can read the details here: pup-e.com/goodbye-ruby...
RubyGems.org | your community gem host
rubygems.org
September 19, 2025 at 7:51 AM
My talk at @containerdays.bsky.social this week was on Kubernetes and post exploitation. I've had a couple of requests for a companion blog post, so here it is. The post looks at some things attackers might do in clusters they've compromised to retain access.

raesene.github.io/blog/2025/09...
Beyond the surface - Exploring attacker persistence strategies in Kubernetes
raesene.github.io
September 12, 2025 at 10:17 AM
That’s my talk done @containerdays.bsky.social great conference so far and a very civilised selection of free drinks!
September 9, 2025 at 8:03 AM
Reposted by Rory McCune
Unsurprisingly, I have opinions about Kubernetes, particularly when it comes to multitenancy and how easy it is to break out of common deployments. Today I wrote about them for @amberwolfsec.bsky.social

blog.amberwolf.com/blog/2025/se...
Breaking Boundaries - Kubernetes Namespaces and multi-tenancy
AmberWolf Security Research Blog
blog.amberwolf.com
September 1, 2025 at 5:49 PM