Latest posts
- The Monsters in Your Build Cache – GitHub Actions Cache Poisoning
  GitHub Actions caching has some insecure design decisions that allow for some unique attacks. It is considered working as intended, but there are many ways it can go wrong. Learn how I identified Actions cache poisoning…
- An Obscure Actions Workflow Vulnerability in Google’s Flank
  Learn how I used a custom tool to find a Google-owned repository vulnerable to a GitHub Actions Poisoned Pipeline Execution attack and earned a $7,500 bug bounty!
- Web3’s Achilles’ Heel: A Supply Chain Attack on Astar Network
  Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a serious attack on the network,…