HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cyberbender

no profile record

Submissions

Repo-Jacking Anthropic's Claude Community Plugins (and the SHAs That Saved Them)

johnstawinski.com
2 points·by cyberbender·hace 25 días·0 comments

Unauthorized Prompt Injection to RCE in Anthropic's Claude Code Action

johnstawinski.com
1 points·by cyberbender·hace 5 meses·0 comments

[untitled]

1 points·by cyberbender·el año pasado·0 comments

Introducing: GitHub Device Code Phishing

praetorian.com
4 points·by cyberbender·el año pasado·0 comments

Node.js Repository Jenkins Code Execution and Potential Supply Chain Attack

praetorian.com
3 points·by cyberbender·el año pasado·1 comments

Public secrets exposure leads to supply chain attack on GitHub CodeQL

praetorian.com
297 points·by cyberbender·el año pasado·61 comments

Breaching Microsoft via DeepSpeed GitHub Repository

johnstawinski.com
6 points·by cyberbender·hace 2 años·3 comments

comments

cyberbender
·hace 2 años·discuss
This is great; the less long-lived credentials the better!

Now developers just need to make sure they secure their code at the pipeline level. Pipeline compromise = package compromise.
cyberbender
·hace 2 años·discuss
Wow, I remember attempting to do this in University...glad someone much smarter than me figured it out :)
cyberbender
·hace 2 años·discuss
I've seen this firsthand...I think it is less of an issue at smaller companies where taking initiative and leaning into their intelligence is less politically restricted. At large organizations, often it requires too much energy for them navigate the bureaucracy and tap into their potential.
cyberbender
·hace 2 años·discuss
Does anyone know if Amazon can push patches down to these devices? Or are they forever vulnerable once the issue is discovered?