Latest posts
-
Protected: The Monsters in Your Build Cache – GitHub Actions Cache Poisoning
There is no excerpt because this is a protected post.
-
An Obscure Actions Workflow Vulnerability in Google’s Flank
Learn how I used a custom tool to find a Google-owned repository vulnerable to a GitHub Actions Poisoned Pipeline Execution attack and earned a $7,500 bug bounty!
-
Web3’s Achilles’ Heel: A Supply Chain Attack on Astar Network
Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a serious attack on the network,…