Dark Reading

GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln

For the second time in less than a month GitLab has users scrambling to address a critical vulnerability in the community and enterprise editions of its DevOps ...
NextBigFuture

Aembit Extends Secretless CI/CD with Credential Lifecycle Management for GitLab

Aembit, the workload identity and access management (IAM) company, today announced new capabilities for GitLab designed to reduce the security risks of long-lived personal access tokens (PATs) and ...
CSOonline

Researchers demo new CI/CD attack techniques in PyTorch supply-chain

The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...