And it's 'not unique to AWS,' researcher tells The Reg A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub repositories and put every AWS environment in the world at risk, according to Wiz security researchers.…
Latest cybersecurity reporting from selected sources.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Refine the feed
Search across headline titles and summaries.
Volume over time
Weekly headline count for the current query.
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies
Attackers' GitHub Abuse Poses Growing Risk, Researchers Warn
Cybersecurity Researchers Detail Defenses Against Attackers Abusing Cloud ServicesWhile cybercriminals and advanced persistent threat groups have long abused legitimate internet services both to scale and disguise various types of attacks, a new report warns of a growing challenge posed by the illegitimate use of GitHub and offers essential defenses for users.
Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems
GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions
Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows