Archives

All 13 posts, organized by year.

2025 (3 posts)

Jul 21 Who's SHA is it Anyway: Bypassing Google Cloud Build Comment Control for $30,000
May 2 Watch your Dispatch: Race Condition in Dependabot Core CI
Feb 27 (Not So) Safe{Wallet}: GitHub Actions Risks Impacting Safe''s Frontend

#cicd #github #web3

2024 (8 posts)

Dec 22 Cacheract: The Monster in your Build Cache
Nov 12 Release-Drafter To google/accompanist Compromise: VRP Writeup

#bugbounty #cicd #github
Jul 30 BlackHat 2024 and DEF CON 32 Preview

#bugbounty #devops #github #github-actions
Jul 2 RoguePuppet - A Critical Puppet Forge Supply Chain Vulnerability

#github #github-actions #security
May 6 The Monsters in Your Build Cache - GitHub Actions Cache Poisoning

#bugbounty #cicd #devops #github #github-actions
Apr 15 An Obscure Actions Workflow Vulnerability in Google's Flank
Jan 19 Web3''s Achilles'' Heel: A Supply Chain Attack on Astar Network

#astar #cicd #crypto #defi #github #web3
Jan 11 CVE-2023-49291 and More - A Potential Actions Nightmare

#cicd #cve #github

2023 (2 posts)