News

Bleeping Computer10mon
GitHub Actions artifacts found leaking auth tokens in popular projects
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat ... placing the responsibility on users to secure their artifacts. Given the situation ...
Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects - here's what devs need to know
Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s ...
CSOonline2y
Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions
The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code ... Security said in an analysis of the issue. To attack a vulnerable project ...
Bleeping Computer1y
Bitbucket artifact files can leak plaintext authentication secrets
Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact ... code scanning with Snyk, and other supported security integrations.
CSOonline4mon
Abandoned AWS S3 buckets open door to remote code execution, supply-chain compromises
Attackers re-register abandoned AWS S3 buckets filled with malicious files that are executed by applications looking for these buckets. Code ... projects to commercial software and even security ...
ZDNet4y
Open source software security vulnerabilities exist for over four years before detection
The artifacts of open source code serve as critical infrastructure for much of the global economy, making the security ... projects now rely on open source components, with close to 700 ...