You are here: staex.io
adnanthekhan.com
I successfully exploited a critical misconfiguration vulnerability in GitHub's actions/runner images repository. I gained control over build agents used by the repository, accessed secrets, and showed how an attacker could insert malicious code into the runner base images and carry out an attack which could have affected all GitHub customers using hosted runners. Following the...
www.sonatype.com
The SolarWinds software supply chain attack has made it clear that open source developers need to act now and intelligently manage third party dependencies to.
www.haukeluebbers.de
Motivation Since the summer of 2019 I have been looking into package dependency compromises, a subset of software supply chain attacks. Today a number of popular programming languages make heavy use of more or less centralized package repositories and come with tools that make it easy to rely on third-party packages, which often come with lots of dependencies of their own. But with each dependency the attack surface for package dependency compromises increases - and malicious actors have already used dif...
thehackernews.com
The Hacker News | Cybersecurity Webinars - The Hacker News