API Security Weekly: Issue #52

Read the latest news on API security.

This week, the Kubernetes API server was found vulnerable to the Billion laughs attack, NIST has opened its Zero Trust Architecture guidelines for comment, and the VS Code OpenAPI extension got an update with API Contract Security Audit built in.


Vulnerabilities: Kubernetes

The Kubernetes API server is currently vulnerable to the so-called Billion laughs attack, the usual name for XML expansion denial-of-service attacks: an XML document sent through the API carries recursive definitions that blow up in size when expanded and overload the XML parser.
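As an added example (not from the newsletter, Kubernetes or any parser library), the check below estimates how far a document's internal entities would expand, from their sizes alone and without expanding them, so an untrusted request can be rejected before it reaches an entity-expanding parser. The regexes, the two limits and the three sample documents are my own assumptions.

```python
import re
# Internal general-entity declaration <!ENTITY a "aaaa"> and a DOCTYPE with internal subset.
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', re.S)
ENTITY_REF = re.compile(r'&(\w+);')

def parse_internal_entities(xml_text):
    """Map entity name -> replacement text for entities declared in the internal subset."""
    m = DOCTYPE.search(xml_text)
    return {n: dq or sq for n, dq, sq in ENTITY_DECL.findall(m.group(1))} if m else {}

def expansion_size(entities, name, _stack=(), _memo=None):
    """Bytes &name; expands to, from sizes alone (memoised); ValueError on a reference cycle."""
    _memo = {} if _memo is None else _memo
    if name in _stack:                     # XML forbids cycles; a naive parser loops on them
        raise ValueError(f"entity reference cycle through {name!r}")
    if name not in _memo:
        value = entities.get(name)
        if value is None:                  # undefined or predefined (&amp;): count literally
            return len(name) + 2
        total = len(value)
        for ref in ENTITY_REF.findall(value):   # swap each reference for its expanded size
            total += expansion_size(entities, ref, _stack + (name,), _memo) - (len(ref) + 2)
        _memo[name] = total
    return _memo[name]

def expanded_document_size(xml_text):
    """Size of the content once the internal subset is dropped and every reference is expanded."""
    entities, memo = parse_internal_entities(xml_text), {}
    content = DOCTYPE.sub('', xml_text, count=1)
    return len(content) + sum(expansion_size(entities, r, (), memo) - (len(r) + 2)
                              for r in ENTITY_REF.findall(content))

def is_entity_bomb(xml_text, max_expanded_bytes=1_000_000, max_amplification=100.0):
    """Pre-parse policy check for untrusted XML; the two limits are illustrative defaults."""
    try:
        expanded = expanded_document_size(xml_text)
    except ValueError:                     # cyclic definitions expand without bound
        return True
    return expanded > max_expanded_bytes or expanded > max_amplification * len(xml_text)

# Constructed samples (not from the newsletter): nested bomb, cyclic definitions, benign use.
BOMB = ('<?xml version="1.0"?>\n<!DOCTYPE data [\n'
        '  <!ENTITY a "xxxxxxxx">\n'                   # 8 bytes
        '  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">\n'   # 8 * 8 = 64
        '  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;">\n'   # 8 * 64 = 512
        '  <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;">\n'   # 8 * 512 = 4096
        ']>\n<data>&d;</data>\n')
CYCLIC = '<!DOCTYPE d [ <!ENTITY a "&b;"> <!ENTITY b "&a;"> ]><d>&a;</d>'
BENIGN = '<!DOCTYPE d [ <!ENTITY co "Acme Corp"> ]><d>&co; and &co; &amp; others</d>'
```

The check is a cheap front-door filter for an API gateway or admission path; the parser behind it should still have its own entity limits, since this estimator ignores external and parameter entities.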