Chaos Mesh flaws allow cluster takeover via command injection; patched in v2.7.3 on Aug 21, 2025.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Critical security vulnerabilities discovered in Chaos Mesh, an open-source chaos engineering platform for Kubernetes, allow attackers with minimal cluster network access to execute remote code and take over entire clusters. The flaws, dubbed 'Chaotic Deputy,' include an unauthenticated GraphQL debugging server and multiple command injection vulnerabilities with CVSS scores up to 9.8. All issues have been patched in version 2.7.3 released in August 2025.

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover