Kaspersky uncovers over 250,000 potential security issues in GitHub Actions workflows
Source
ZawyaKaspersky uncovers over 250,000 potential security issues in GitHub Actions workflowszawya.comYou might also wanna read
GitHub Actions workflows identified as common weak link in open source supply chain attacks
This article analyzes a series of high-profile open source supply chain security incidents from the past 18 months, tracing them back to Git

Supply Chain Attack via Malicious Commit Hits 73 Microsoft GitHub Repositories
GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit was discovered in an Azure project, part of a supply chain atta
Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions
A detailed post-mortem analysis of a supply chain attack on the @ctrl/tinycolor npm package. The attack occurred when a malicious GitHub Act
GitHub Actions' Package Manager Lacks Critical Security Features
The article investigates GitHub Actions' dependency resolution system, revealing it functions as a package manager but lacks critical securi
GitHub disables 73 Microsoft repositories after detecting Miasma worm supply chain attack
GitHub took down over 70 Microsoft repositories in 105 seconds after detecting signs of the Miasma worm, a supply chain attack targeting ope
Study finds 5,673 compromised Android signing keys on GitHub affecting over 10 billion users
This paper presents a longitudinal study on Android app signing key protection, revealing systemic risks from developer-managed credentials.

Comments
Sign in to join the conversation.
No comments yet. Be the first.