ENOSUCHBLOG| blog.yossarian.net
Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub’s docs don’t fully cover.| wiz.io
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.| Unit 42
In this post, I demonstrate Cacheract, which is an open source proof-of-concept for “Cache Native Malware” that exploits GitHub Actions cache misconfigurations.| Adnan Khan's Blog
Analysis of a package targeted by a supply-chain attack to the build and release process| blog.pypi.org
PGP signatures on PyPI: worse than useless| blog.yossarian.net