This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+7 more
Affected surfaces
Summary
AI summaryUpdates Changelog New attack techniques, GCP, and deps across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Inject a Malicious Startup Script into a Vertex AI Workbench Instance (GCP) by @Minosity-VR Inject a Malicious Startup Script into a Vertex AI Workbench Instance (GCP) by @Minosity-VR Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Security | Medium |
GCS Ransomware through individual file deletion (GCP) by @jbfeldman-dd GCS Ransomware through individual file deletion (GCP) by @jbfeldman-dd Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Security | Medium |
GCS Ransomware through client-side encryption (GCP) by @jbfeldman-dd GCS Ransomware through client-side encryption (GCP) by @jbfeldman-dd Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
| Feature | Medium |
Kubernetes resources are now labeled with `datadoghq.com/stratus-red-team-stage=warmup|detonation` to distinguish warmup from detonation resources Kubernetes resources are now labeled with `datadoghq.com/stratus-red-team-stage=warmup|detonation` to distinguish warmup from detonation resources Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low |
— |
| Feature | Medium |
Kubernetes configuration now supports pod annotations Kubernetes configuration now supports pod annotations Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low |
— |
| Dependency | Medium |
fix(deps): vuln minor upgrades (#855) fix(deps): vuln minor upgrades (#855) Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low |
— |
| Dependency | Medium |
Bump github/codeql-action from 4.34.1 to 4.35.1 (#821) Bump github/codeql-action from 4.34.1 to 4.35.1 (#821) Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low |
— |
| Dependency | Medium |
Bump actions/setup-go from 5.5.0 to 6.4.0 (#820) Bump actions/setup-go from 5.5.0 to 6.4.0 (#820) Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low |
— |
| Dependency | Medium |
Bump docker/login-action from 3.7.0 to 4.0.0 (#823) Bump docker/login-action from 3.7.0 to 4.0.0 (#823) Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low |
— |
| Dependency | Medium |
Bump docker/build-push-action from 6.18.0 to 7.0.0 (#824) Bump docker/build-push-action from 6.18.0 to 7.0.0 (#824) Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low |
— |
| Dependency | Low |
Minor vulnerability upgrades performed in dependencies (#855) Minor vulnerability upgrades performed in dependencies (#855) Source: granite4.1:30b@2026-05-20-audit Confidence: low |
— |
| Bugfix | Medium |
Warmup leftover files are now cleaned up on warmup failure Warmup leftover files are now cleaned up on warmup failure Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high |
— |
Full changelog
Changelog
New attack techniques:
- Inject a Malicious Startup Script into a Vertex AI Workbench Instance (GCP) by @Minosity-VR
- GCS Ransomware through individual file deletion (GCP) by @jbfeldman-dd
- GCS Ransomware through client-side encryption (GCP) by @jbfeldman-dd
New features:
- Kubernetes resources are now labeled with
datadoghq.com/stratus-red-team-stage=warmup|detonationto distinguish warmup from detonation resources (#837) - Kubernetes configuration now supports pod annotations (#853)
- Warmup leftover files are now cleaned up on warmup failure (#851)
Chores:
- fix(deps): vuln minor upgrades (#855)
- Bump github/codeql-action from 4.34.1 to 4.35.1 (#821)
- Bump actions/setup-go from 5.5.0 to 6.4.0 (#820)
- Bump docker/login-action from 3.7.0 to 4.0.0 (#823)
- Bump docker/build-push-action from 6.18.0 to 7.0.0 (#824)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Stratus Red Team | DataDog
cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Related context
Related tools
Beta — feedback welcome: [email protected]