CI/CD Security Archives

Microsoft Windows malware software supply chain

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

Jeffrey Burt | April 23, 2026 | AI, Bitwarden, Checkmarx, CI/CD Security, GitHub, JFrog Security, MCP, npm repository, OX Security, Shai-Hulud, Socket, StepSecurity, supply chain attack, TeamPCP, Trivy

A compromise of the popular Bitwarden password manager is linked to the ongoing Checkmarx supply chain campaign, with bad actor injecting malicious code in a version of its CLI. However, while there ...

Security Boulevard

Building Bridges, Breaking Pipelines: Introducing Trajan

Justin Copeland | March 6, 2026 | AI Security, CI/CD Security, Open Source Tools

TL;DR: Trajan is an open-source CI/CD security tool from Praetorian that unifies vulnerability detection and attack validation across GitHub Actions, GitLab CI, Azure DevOps, and Jenkins in a single cross-platform engine. It ...

Offensive Security Blog: Latest Trends in Hacking | Praetorian

Building Bridges, Breaking Pipelines: Introducing Trajan

Justin Copeland | March 6, 2026 | AI Security, CI/CD Security, Open Source Tools

Offensive Security Blog: Latest Trends in Hacking | Praetorian

application security cloud left integration Shifting DevSec Left with ShiftLeft

Shift Left Has Shifted Wrong: Why AppSec Teams – Not Developers – Must Lead Security in the Age of AI Coding

Narrow “shift left” has failed at AI scale. Move from developer-led fixes to AppSec-managed automation that triages findings and delivers tested pull-request fixes so teams can safely manage AI-generated code ...

Security Boulevard

charlotte, AI, security, crowdstrike, agentic ai, GenAI, NHIs, human, cybersecurity, GenAI, artificial intelligence, cyber risks, threats, cybersecurity

Can We Really Eliminate Human Error in Cybersecurity?

Ozhan Sisic | August 28, 2025 | Automation in Security, blame-free security, chaos drills, CI/CD Security, cyber resilience, cybersecurity psychology, designing for human fallibility, error chains, human error cybersecurity, misconfiguration breaches, Penetration Testing, people as attack surface, , psychological safety in security, Red team exercises, resilient cybersecurity, Security Culture

Cybersecurity breaches often stem not from advanced exploits but from human error, misconfigurations, and routine mistakes. True resilience comes from designing systems that expect failure, leverage automation wisely, and foster a security-first ...

Security Boulevard

The three panes of Nosey Parker Explorer's main page.

Introducing Nosey Parker Explorer

Harry Hayward | January 29, 2025 | CI/CD Security, open source, Tools & Techniques

Introducing Nosey Parker Explorer: an interactive review tool for findings from Nosey Parker - the machine learning powered, multi-phase solution for locating secret exposure. The post Introducing Nosey Parker Explorer appeared first ...

Security Blog | Praetorian

Recursive Amplification Attacks: Botnet-as-a-Service

Thomas Tan | July 23, 2024 | CI/CD Security

Introduction On a recent client engagement, we tested a startup’s up-and-coming SaaS data platform and discovered an alarming attack path. The specific feature names and technologies have been generalized to anonymize the ...

Security Blog | Praetorian

Threat Groups Rush to Exploit JetBrains’ TeamCity CI/CD Security Flaws

Jeffrey Burt | March 11, 2024 | BianLian, CI/CD Security, Ransomware, software supply chain attacks

The cyberthreats to users of JetBrains’ TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that ...

Security Boulevard

Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks

Jeffrey Burt | January 29, 2024 | CI/CD Security, jenkins, Vulnerabilities

Organizations are being urged to fix two security vulnerabilities in Jenkins that could allow unauthenticated attackers to remotely execute arbitrary code in the popular open source software tool that is used to ...

Security Boulevard

TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack

Lydia Chiu | January 15, 2024 | CI/CD Security, TensorFlow

Introduction With the recent rise and adoption of artificial intelligence technologies, open-source frameworks such as TensorFlow are prime targets for attackers seeking to conduct software supply chain attacks. Over the last several ...

Security Blog | Praetorian

CI/CD Security

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On