legitsecurity.com

↩

Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack

2023-04-04 09:56:58 (Reddit: Netsec)

Source: Reddit: Netsec

Using JFrog Artifactory? Make sure it doesn't mistakenly expose your secrets, apparently it's not uncommon

2023-03-01 00:47:29 (Reddit: Netsec)

Source: Reddit: Netsec

Exposing Secrets Via AppSec Tools: The SonarQube Case

2023-01-31 02:29:46 (Reddit: Netsec)

Source: Reddit: Netsec

Using a service with markdown capabilities? Good chance it's vulnerable and attackers can easily take it down

2023-01-21 23:15:55 (Reddit: Netsec)

Source: Reddit: Netsec

Vulnerable Jenkins plugins exploitation

2023-01-09 00:20:58 (Reddit: Netsec)

Source: Reddit: Netsec

GitHub Actions Privilege Escalations - The "workflow_run" trigger

2023-01-05 07:04:49 (Reddit: Netsec)

Source: Reddit: Netsec

Beware of this CI/CD vulnerability: GitHub Environment Injection (Google & Apache found vulnerable)

2022-12-19 13:22:53 (Reddit: Netsec)

Source: Reddit: Netsec

GitHub Actions - Artifact Poisoning Vulnerability

2022-12-04 07:09:26 (Reddit: Netsec)

Source: Reddit: Netsec

↩