Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: remote code execution

DevsecOps software supply chain data, pipelines, data lineage

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable

| | Aqua Security Trivy, CI/CD cyberthreats, exposed secrets, GitHub Actions, IANS Research, malicious code, microsoft, OWASP Top 10, remote code execution, software development security, software supply chain attacks, software vulnerabilities, Tenable
A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, ...
CISA, secure by design, ReversingLabs, open-source, AI, cybersecurity, tooling, CISA Security Scribe ReversingLabs software supply chain cybersecurity - software supply chain security - risks - cyberattacks - Log4J - vulnerabilities

‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses

| | Aikido Security, Bun, Git dependency, github, Koi Security, microsoft, npm registry, PhantomRaven, PNPM, remote code execution, Shai-Hulud worm, supply chain attack, VLT
In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world ...
Jamf, Korea, code, hybrid, ai-powered, observability, insights, DevSecOps Cisco Chronosphere observability, data collection, Observe Google Splunk ServiceNow Logz.io observability Web3 developers CodeSee Survey Surfaces Slow But Steady DevSecOps Progress

N. Korea Contagious Interview Campaign Turns to VS Code to Deliver Backdoor

| | backdoors, Contagious Interview, Git repositories, github, information stealing, Jamf, North Korea, remote code execution
Jamf security researchers said state-sponsored espionage actors are using malicious VS Code projects to steal information ...