| Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk |
|
|
|
| ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts |
|
|
|
| Github Actions Exploitation: Dependabot |
|
|
|
| ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions |
|
|
|
| Exploiting GCP Cloud Build for Privilege Escalation |
|
|
|
| GitHub Actions Exploitation: Self Hosted Runners |
|
|
|
| Github Actions Exploitation: Untrusted Input |
|
|
|
| RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability |
|
|
|
| Compromising ByteDance’s Rspack using GitHub Actions Vulnerabilities |
|
|
|
| Hijacking GitHub Runners To Compromise The Organization |
|
|
|
| The Monsters in Your Build Cache – GitHub Actions Cache Poisoning |
|
|
|
| An Obscure Actions Workflow Vulnerability in Google’s Flank |
|
|
|
| Fixing Typos And Breaching Microsoft’s Perimeter |
|
|
|
| Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations |
|
|
|
| Azure Devops Zero-Click CI/CD Vulnerability |
|
|
|
| Web3’s Achilles’ Heel: A Supply Chain Attack on Astar Network |
|
|
|
| TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack |
|
|
|
| Playing With Fire – How We Executed A Critical Supply Chain Attack On Pytorch |
|
|
|
| One Supply Chain Attack to Rule Them All |
|
|
|
| Securing our home labs: Frigate code review |
|
|
|
| All the Small Things: Azure CLI Leakage and Problematic Usage Patterns |
|
|
|
| OMGCICD - Attacking GitLab CI/CD Via Shared Runners |
|
|
|
| Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More |
|
|
|
| Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity |
|
|
|
| The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree |
|
|
|
writeups.xyz
/
CI/CD