HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cyberbender

no profile record

Submissions

Repo-Jacking Anthropic's Claude Community Plugins (and the SHAs That Saved Them)

johnstawinski.com
2 points·by cyberbender·25 дней назад·0 comments

Unauthorized Prompt Injection to RCE in Anthropic's Claude Code Action

johnstawinski.com
1 points·by cyberbender·5 месяцев назад·0 comments

[untitled]

1 points·by cyberbender·в прошлом году·0 comments

Introducing: GitHub Device Code Phishing

praetorian.com
4 points·by cyberbender·в прошлом году·0 comments

Node.js Repository Jenkins Code Execution and Potential Supply Chain Attack

praetorian.com
3 points·by cyberbender·в прошлом году·1 comments

Public secrets exposure leads to supply chain attack on GitHub CodeQL

praetorian.com
297 points·by cyberbender·в прошлом году·61 comments

Breaching Microsoft via DeepSpeed GitHub Repository

johnstawinski.com
6 points·by cyberbender·2 года назад·3 comments

comments

cyberbender
·2 года назад·discuss
This is great; the less long-lived credentials the better!

Now developers just need to make sure they secure their code at the pipeline level. Pipeline compromise = package compromise.
cyberbender
·2 года назад·discuss
Wow, I remember attempting to do this in University...glad someone much smarter than me figured it out :)
cyberbender
·2 года назад·discuss
I've seen this firsthand...I think it is less of an issue at smaller companies where taking initiative and leaning into their intelligence is less politically restricted. At large organizations, often it requires too much energy for them navigate the bureaucracy and tap into their potential.
cyberbender
·2 года назад·discuss
Does anyone know if Amazon can push patches down to these devices? Or are they forever vulnerable once the issue is discovered?