#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score |
Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories |
Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack |
Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack |
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable |
Attacking The Software Supply Chain With A Simple Rename |
Hijacking AUR Packages by Searching for Expired Domains |
Threat Alert: Private npm Packages Disclosed via Timing Attacks |
Securing Developer Tools: A New Supply Chain Attack on PHP |
"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains |
Insecure Bootstrap Process in Oracle Cloud CLI |
Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments |
WordPress Plugin Confusion: How an update can get you pwned |
PHP Supply Chain Attack on Composer |