#security - Adnan Khan | Adnan Khan

(Not So) Safe{Wallet}: GitHub Actions Risks Impacting Safe''s Frontend

Feb 27, 2025

Cacheract: The Monster in your Build Cache

In this post, I demonstrate Cacheract, which is an open source proof-of-concept for 'Cache Native Malware' that exploits GitHub Actions cache misconfigurations.

Dec 22, 2024

bugbounty cicd githubactions

Release-Drafter To google/accompanist Compromise: VRP Writeup

Nov 12, 2024

bugbounty github githubactions

BlackHat 2024 and DEF CON 32 Preview

Jul 30, 2024

cicd githubactions security

RoguePuppet - A Critical Puppet Forge Supply Chain Vulnerability

Jul 2, 2024

bugbounty cicd github

An Obscure Actions Workflow Vulnerability in Google's Flank

Apr 15, 2024

bugbounty cicd github

Web3''s Achilles'' Heel: A Supply Chain Attack on Astar Network

Jan 19, 2024

cicd github security

CVE-2023-49291 and More - A Potential Actions Nightmare

Jan 11, 2024

bugbounty cicd github

One Supply Chain Attack to Rule Them All - Poisoning GitHub's Runner Images

Dec 20, 2023

bugbounty cicd security

Welcome to my blog - there is more to come!

Dec 16, 2023