How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation

Exciting news – we’ve released a new version of our CI/CD Goat CTF platform, a deliberately vulnerable CI/CD environment. We decided to release a new version with a shiny new challenge, after our previous 10 challenges were enthusiastically received and widely…

ONEKEY identifies a command injection bug in the M25 NAS from Asus. Read the latest Security Advisory here

This advisory contains information about the following vulnerabilities:
- OOB Accesses Using the Logging System

Last month, during Ekoparty, Blue Frost Security published a Windows challenge. Since having a Windows exploitation challenge, is one of a kind in CTFs, and since I’ve found the challenge interesting and very clever, I’ve decided to post about my reverse…

### Summary
An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the [Visual Studio Code Remote Developmen...

This post contains a chain of vulnerabilities I responsibly disclosed to Riot Games in November of 2016. I’m publicly disclosing it now as…

Leaders in Information Security

Aqua Nautilus discovers Redigo, new previously undetected Go-based malware that targets Redis servers to gain domination on the compromised machine

NVIDIA released a security update fixing 25 GPU display driver vulnerabilities that could lead to code execution, denial of service, and more.

Real-time HTTP Intrusion Detection. Contribute to kitabisa/teler development by creating an account on GitHub.

This write-up won’t be an intense discussion on security code review techniques this time. We’ll simply let do all the hard work by a third party: CodeQL.

New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.

OWASP Top 10 CI/CD Security Risks on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

When your startup is struggling to find its product-market fit, security is the last thing on your mind - and according to security expert Matt Spitz, that’s perfectly fine! Matt is Vanta's Head of Engineering and he joins this week's episode of Dev Interrupted…