| Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk |
|
|
|
| GitHub Actions Exploitation: Repo Jacking And Environment Manipulation |
|
|
|
| Github Actions Exploitation: Untrusted Input |
|
|
|
| RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability |
|
|
|
| Vulnerabilities In CocoaPods Open The Door To Supply Chain Attacks Against Thousands Of iOS And MacOS Applications |
|
|
|
| Supply Chain Attacks: A New Era |
|
|
|
| How a Single Vulnerability Can Bring Down the JavaScript Ecosystem |
|
|
|
| The Monsters in Your Build Cache – GitHub Actions Cache Poisoning |
|
|
|
| An Obscure Actions Workflow Vulnerability in Google’s Flank |
|
|
|
| Fixing Typos And Breaching Microsoft’s Perimeter |
|
|
|
| Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations |
|
|
|
| How I hacked into Google’s internal corporate assets |
|
|
|
| Hijacking Safetensors Conversion On Hugging Face |
|
|
|
| Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System |
|
|
|
| Azure Devops Zero-Click CI/CD Vulnerability |
|
|
|
| Web3’s Achilles’ Heel: A Supply Chain Attack on Astar Network |
|
|
|
| Introducing MavenGate: a supply chain attack method for Java and Android applications |
|
|
|
| TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack |
|
|
|
| Playing With Fire – How We Executed A Critical Supply Chain Attack On Pytorch |
|
|
|
| One Supply Chain Attack to Rule Them All |
|
|
|
| Securing our home labs: Frigate code review |
|
|
|
| Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk |
|
|
|
| SAMLjacking a poisoned tenant |
|
|
|
| The massive bug at the heart of the npm ecosystem |
|
|
|
| Stealing GitHub staff's access token via GitHub Actions |
|
|
|
writeups.xyz
/
Supply Chain Attack