I will try to go more in-depth in later posts, but many users, especially in a k8s context probably have a socket activated sshd listener on vsock, that may pose a serious risk and possibly violate your security assumptions.

"While the above attack did use the systemd vsock sshd listener for Escape to Host, the attacker could have just directly listened over the vsock loopback."

https://www.openwall.com/lists/oss-security/2026/01/08/7

TL;DR: a clueless user fails to understand and configure his own systems, but for clickbait effect chooses to blame the evil SyStEmD!!!11 instead of his own incompetence