News

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Sysdig exposed how a trusted GitHub feature can silently hand control to attackers. pull_request_target isn’t just risky, it’s ...
Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.
To facilitate this automation, Bitbucket allows developers to store sensitive information, such as AWS authentication secrets, in 'Secured Variables' to easily use those variables in their code ...
Code references to nonexistent cloud assets continue to pose significant security risks, and the problem is only growing. Recent research identified approximately 150 AWS S3 storage buckets once ...
The artifacts of open source code serve as critical infrastructure for much of the global economy, making the security of open source software mission-critical to the world." See also: The biggest ...