Diginomica

AWS outage, Log4j vulnerability provides harsh lessons in unknown dependencies

The recent AWS outage(s) and Log4j security holes should lead to enterprises drawing some broader lessons about dealing with complexity and dependencies in modern IT environments. In what is becoming ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Bleeping Computer

Bitbucket artifact files can leak plaintext authentication secrets

Update 5/21/24: Added Atlassian statement to the bottom of the article. Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact ...
Dark Reading

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
ZDNet

GitHub rolls out dependency review, vulnerability alerts for pull requests

GitHub will roll out dependency review, a security assessment for pull requests, in the coming weeks to developers. SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover ...