pull_request_nightmare Part 2: Exploiting GitHub Actions for RCE and Supply Chain
Executive summary We have managed to successfully compromise repositories owned by Microsoft, Google, Nvidia and many more using a single...
Executive Summary: The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on...
TL;DR A new software supply chain attack has been identified, targeting the npm registry and this time impacting more than...
Reports have emerged of a major supply chain attack impacting numerous NPM packages maintained by the developer known as “qix.”...
On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular...
According to Gartner, worldwide spending on generative AI is set to reach $644 billion (USD) in 2025, a nearly 77%...
2025 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP) Read the report to learn why Gartner is recommending that...
Microsoft pushed out-of-band fixes for on-premise SharePoint Servers after attackers chained CVE-2025-53770 and CVE-2025-53771. The chain bypasses SharePoint chain vulnerabilities,...
Table of contents: Executive summary; A quick introduction to Azure Machine Learning; How AML pipelines are commonly used; How the privilege escalation vulnerability could...