Researchers demo new CI/CD attack techniques in PyTorch supply-chain | CSO Online
The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions.| CSO Online
The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions.| CSO Online
In just over a week, I’ll be speaking at Black Hat 2024 and DEF CON 32 along with my co-presenter, John Stawinski. We’re going to share our research on Self-Hosted GitHub Runner attacks…| Adnan Khan's Blog
Progressing through certifications, developing as a red teamer, breaking into Bug Bounty — many steps along my security journey have been difficult. One of the easiest things I’ve done was breach M…| John Stawinski IV
Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a…| Adnan Khan's Blog
Six months ago, my friend and colleague Adnan Khan started researching a new class of CI/CD attacks. Adnan grasped the significance of these attacks after executing them against GitHub to gain tota…| John Stawinski IV
Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platform…| John Stawinski IV
