HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cyberbender

no profile record

Submissions

Repo-Jacking Anthropic's Claude Community Plugins (and the SHAs That Saved Them)

johnstawinski.com
2 points·by cyberbender·25 ngày trước·0 comments

Unauthorized Prompt Injection to RCE in Anthropic's Claude Code Action

johnstawinski.com
1 points·by cyberbender·5 tháng trước·0 comments

[untitled]

1 points·by cyberbender·năm ngoái·0 comments

Introducing: GitHub Device Code Phishing

praetorian.com
4 points·by cyberbender·năm ngoái·0 comments

Node.js Repository Jenkins Code Execution and Potential Supply Chain Attack

praetorian.com
3 points·by cyberbender·năm ngoái·1 comments

Public secrets exposure leads to supply chain attack on GitHub CodeQL

praetorian.com
297 points·by cyberbender·năm ngoái·61 comments

Breaching Microsoft via DeepSpeed GitHub Repository

johnstawinski.com
6 points·by cyberbender·2 năm trước·3 comments

comments

cyberbender
·2 năm trước·discuss
This is great; the less long-lived credentials the better!

Now developers just need to make sure they secure their code at the pipeline level. Pipeline compromise = package compromise.
cyberbender
·2 năm trước·discuss
Wow, I remember attempting to do this in University...glad someone much smarter than me figured it out :)
cyberbender
·2 năm trước·discuss
I've seen this firsthand...I think it is less of an issue at smaller companies where taking initiative and leaning into their intelligence is less politically restricted. At large organizations, often it requires too much energy for them navigate the bureaucracy and tap into their potential.
cyberbender
·2 năm trước·discuss
Does anyone know if Amazon can push patches down to these devices? Or are they forever vulnerable once the issue is discovered?