Kubeflow is a new machine learning (ML) toolkit for Kubernetes that has been targeted by new attack vectors. It was discovered by Microsoft’s Azure Security Center. In April, a single public repository has distributed a dubious Kubeflow image to thousands of clusters. Researchers have stated that the image uses open-source crypto jacking malware.
Organizations should be careful of users/clusters access to registries that they download from.
Source: Securitymagazine