- API server misconfiguration
- RBAC over-permissioning
- Secrets stored in plaintext
- Network policy absence enabling lateral movement
- Service account token abuse