Application Security | New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise | Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. | Ionut Arghire | January 12, 2024
Supply Chain Security | Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack | Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks. | Ionut Arghire | January 8, 2024
Application Security | NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity | NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks. | Ionut Arghire | December 18, 2023
Malware & Threats | Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies | US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability. | Ionut Arghire | December 14, 2023
Supply Chain Security | North Korean Software Supply Chain Attack Hits North America, Asia | North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply... | Eduard Kovacs | November 24, 2023
Cloud Security | Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets | Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking... | Ryan Naraine | November 22, 2023