GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks

GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks

| | AppSec, DEVOPS, threats
Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. A recent blog post by security researcher and ...
Comic Agilé - Mikkel Noe-Nygaard, Luxshan Ratnaravi - #275 -- Comic Agilé Consulting

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #275 — Comic Agilé Consulting

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé! Permalink ...
Beeper, Inc.

Apple Smashes Ban Hammer on Beeper iMessage Users

Empire strikes back: It was only a matter of time. But is this what Eric wanted all along? ...
Security Boulevard

30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more

By Matt Schwager and Sam Alws We are publishing a set of 30 custom Semgrep rules for Ansible playbooks, Java/Kotlin code, shell scripts, and Docker Compose configuration files. These rules were created ...

3 Malicious PyPI Packages Hide CoinMiner on Linux Devices

In a recent cybersecurity revelation, the Python Package Index (PyPI) has fallen victim to the infiltration of three malicious packages: modularseven, driftme, and catme. These packages, although now removed, managed to amass ...
GitLab vulnerability password

GitLab Fixes Password Reset Bug That Allows Account Takeover

GitLab is releasing a patch to fix a vulnerability in its email verification process that bad actors can exploit to reset user passwords and take over accounts. The flaw, CVE-2023-7028, was introduced ...
Security Boulevard

Internet freedom with the Open Technology Fund

By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff Smith Trail of Bits cares about internet freedom, and one of our most valued partners in pursuit of that goal is the Open ...

Webinar: Solving the Bi-Directional Sync Problem with Microsoft Sentinel and D3 Smart SOAR

We’re looking forward to having you join us for our upcoming webinar on January 24th, at 10AM PST/1PM EST. It’s sure to be worth your time if you work in a large ...