ByteBrief
We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.
(We tried widescreen once. It wasn't us.)

An unpatched flaw in Argo CD's repo-server lets unauthenticated attackers run code via its internal gRPC service. Synacktiv found the bug, reported it in January 2025, and published details after 18 months without a fix. The attack abuses kustomize's --helm-command option to execute a malicious script.
Tap to vote and see what everyone thinks.
Summary by ByteBrief