惯性聚合
高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文
在惯性聚合中打开
即将跳转到惯性聚合
3
在聚合应用中查看完整内容和互动
立即跳转
取消
推荐订阅源
酷 壳 – CoolShell
GbyAI
SecWiki News
Project Zero
C
Cisco Blogs
Simon Willison's Weblog
P
Privacy International News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
A
Arctic Wolf
Security Latest
Threat Intelligence Blog | Flashpoint
P
Privacy & Cybersecurity Law Blog
Apple Machine Learning Research
T
Tailwind CSS Blog
The Hacker News
T
Tenable Blog
雷峰网
有赞技术团队
V
V2EX
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
T
Threatpost
AWS News Blog
L
LINUX DO - 热门话题
Application and Cybersecurity Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
月光博客
Spread Privacy
S
Secure Thoughts
宝玉的分享
博
博客园 - 三生石上(FineUI控件)
Forbes - Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
The Last Watchdog
Y
Y Combinator Blog
I
Intezer
博
博客园 - 【当耐特】
B
Blog RSS Feed
Attack and Defense Labs
I
InfoQ
博
博客园 - 叶小钗
Cyberwarzone
V2EX - 技术
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
H
Help Net Security
C
CERT Recently Published Vulnerability Notes
Step Security Blog
Announcing Dependabot Configuration Enhancements: Cooldown and Group Support - StepSecurity
Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity - StepSecurity
Introducing StepSecurity Dev Machine Guard: Protecting Developer Machines from Supply Chain Attacks - StepSecurity
Top 2024 Predictions for CI/CD Security - StepSecurity
Dev Machine Guard Is Now Open Source: See What's Really Running on Your Developer Machine - StepSecurity
Datadog's DevSecOps 2026 Report Validates What We've Been Building - StepSecurity
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity
Cline Supply Chain Attack Detected: cline@2.3.0 Silently Installs OpenClaw - StepSecurity
StepSecurity’s Unified Protection Across the SDLC Infrastructure Threat Framework (SITF) - StepSecurity
@velora-dex/sdk Compromised on npm: Malicious Version Drops macOS Backdoor via launchctl Persistence - StepSecurity
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity
Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack - StepSecurity
10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions - StepSecurity
Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor - StepSecurity
TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package - StepSecurity
litellm: Credential Stealer Hidden in PyPI Wheel - StepSecurity
Checkmarx KICS GitHub Action Compromised: Malware Injected in All Git Tags - StepSecurity
CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem - StepSecurity
Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised - StepSecurity
bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys - StepSecurity
Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised - StepSecurity
Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys - StepSecurity
ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push - StepSecurity
xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning - StepSecurity
kubernetes-el Compromised: How a Pwn Request Exploited a Popular Emacs Package - StepSecurity
How StepSecurity Caught a Release Storm in Microsoft’s @types Packages - StepSecurity
Harden Runner Now Supports Windows and macOS GitHub Actions Runners - StepSecurity
10,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making - StepSecurity
20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...) - StepSecurity
2024 in Review: The Evolution of CI/CD Security & What's Next - StepSecurity
How to Use Docker in Actions Runner Controller (ARC) Runners Securely - StepSecurity
Celebrating 1000 Repositories Secured with Harden Runner: A Journey of Growth and Collaboration - StepSecurity
StepSecurity Detects Early Supply Chain Risk Signals in kilocode npm - StepSecurity
Another npm Supply Chain Attack: The 'is' Package Compromise - StepSecurity
anthropics/claude-code-action Security: How to Secure Claude Code in GitHub Actions with Harden-Runner - StepSecurity
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
StepSecurity's Catalog of Fixes - StepSecurity
Orchestrating Security: StepSecurity's Impact on 400+ Repositories and Future Plans - StepSecurity
Announcing Anomalous Outbound Call Detection Using Machine Learning - StepSecurity
Announcing GitHub Actions Advisor and StepSecurity Maintained Actions - StepSecurity
Analysis of Backdoored XZ Utils Build Process with Harden-Runner - StepSecurity
Announcing General Availability of Harden Runner - StepSecurity
Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner - StepSecurity
Build secretless CI/CD pipelines using wait-for-secrets - StepSecurity
Introducing Apps & PATs: Centralized Visibility for GitHub Apps and Personal Access Tokens - StepSecurity
CVE-2026-22709: Critical Sandbox Escape Vulnerability in vm2 - StepSecurity
StepSecurity Now Supports Dark Mode - StepSecurity
2025 in Review: The Evolution of Supply Chain Security & What's Next - StepSecurity
Bake Harden-Runner Into GitHub's Custom Runner Images for Organization-Wide CI/CD Security - StepSecurity
StepSecurity Is Now Available on Azure Marketplace - StepSecurity
Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js - StepSecurity
How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository - StepSecurity
Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised - StepSecurity
Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise - StepSecurity
9,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity
Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages - StepSecurity
Introducing npm Package Search: Find Where Any Package Was Introduced Across Your GitHub Organizations - StepSecurity
StepSecurity Is Sponsoring GitHub Universe 2025 - StepSecurity
s1ngularity: Popular Nx Build System Package Compromised with Data-Stealing Malware - StepSecurity
Introducing StepSecurity Threat Intelligence: Real-Time Supply Chain Attack Alerts for Your SIEM - StepSecurity
8,000 Strong: Harden-Runner's Growing Impact on CI/CD Security - StepSecurity
Securing Google Gemini in GitHub Actions with Harden-Runner - StepSecurity
GhostAction Campaign: Over 3,000 Secrets Stolen Through Malicious GitHub Workflows - StepSecurity
Introducing the NPM Package Cooldown Check - StepSecurity
Securing GitHub Copilot in GitHub Actions with Harden-Runner - StepSecurity
Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator - StepSecurity
How StepSecurity Harden Runner Detected Unexpected Microsoft Defender Installation on GitHub-hosted Ubuntu Runners - StepSecurity
StepSecurity Harden Runner: Detect source code tampering during the build process - StepSecurity
Suspicious Tag Movement in AWS’s GitHub Action: What Happened and Why It Matters - StepSecurity
When 'Changed Files' Changed Everything: Our Black Hat 2025 Presentation on the tj-actions Supply Chain Breach - StepSecurity
Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217) - StepSecurity
Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise - StepSecurity
When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks - StepSecurity
The GitHub Warning Everyone Ignores: 'This Commit Does Not Belong to Any Branch' - StepSecurity
8 GitHub Actions Secrets Management Best Practices to Follow - StepSecurity
7,000 Open-Source Projects Now Secured by Harden-Runner - StepSecurity
Replace Third-Party Actions with StepSecurity Maintained Actions via Automated Pull Requests - StepSecurity
StepSecurity Is Now Available on AWS Marketplace - StepSecurity
Introducing StepSecurity Artifact Monitor: Detect Unauthorized Software Releases in minutes, not months - StepSecurity
Introducing Workflow Run Policies: Guardrails for Blocking Non-Compliant GitHub Actions Runs - StepSecurity
Harden-Runner Detects New Traffic to release-assets.githubusercontent.com Across Multiple Customers - StepSecurity
Grafana GitHub Actions Security Incident - StepSecurity
Export Harden-Runner Security Insights and Detections to Amazon S3 - StepSecurity
Evolving Harden-Runner’s disable-sudo Policy for Improved Runner Security - StepSecurity
Announcing Policy-Driven Automated Pull Requests for CI/CD Misconfiguration Remediation - StepSecurity
Announcing StepSecurity’s Integration with RunsOn: Secure and Optimized CI/CD Pipelines - StepSecurity
Secure Repo Just Got Better: New Features for GitHub Actions Security Best Practices - StepSecurity
Why Compliance Auditors Are Looking at Your CI/CD Runners - And How to Prepare - StepSecurity
Harden-Runner Flags Anomalous Outbound Call, Leading to Docker Documentation Update - StepSecurity
StepSecurity Harden-Runner Now Secures GitHub Actions Workflows for Over 5,000 Open Source Projects - StepSecurity
GitHub Actions Pwn Request Vulnerability - StepSecurity
Prevent Ultralytics Style CI/CD Security Attacks with Network Security Controls - StepSecurity
PyTorch Supply Chain Compromise - StepSecurity
Unified Network Egress View: Centralize GitHub Actions Network Destinations for Your Enterprise - StepSecurity
Uniting Developers and Security: Celebrating the Success of 500+ Open Source Projects Using StepSecurity's Orchestration Platform - StepSecurity
5 Effective Third-Party GitHub Actions Governance Best Practices - StepSecurity
StepSecurity Recognized Among CRN’s "10 Hottest DevOps Startups Of 2024" - StepSecurity
Streamline Your GitHub Actions Workflows with StepSecurity’s Latest Feature - StepSecurity
StepSecurity Steps Up the Security Game with SOC 2 Type 2 Compliance - StepSecurity
StepSecurity's Alignment with CISA's CI/CD Security Guidance - StepSecurity
reviewdog GitHub Actions are compromised - StepSecurity
2025-07-08
·
via
Step Security Blog
reviewdog GitHub Actions are compromised
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。
原文来自
— 版权归原作者所有。