TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

By rooter

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence.
The activity has been attributed to the GitHub account “BufferZoneCorp,” which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

rooter
Cyber Security

Do You Need to Comply with the PCI DSS? A Practical Guide for Businesses

rooter
Cyber Security

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

rooter

Leave a Reply

You Missed

News

‘Star Wars’ Is Only a Small Part of What’s Coming to the Lucas Museum

News

Microsoft wants lawyers to trust its new AI agent in Word documents

Security

A Ransomware Negotiator Was Working for a Ransomware Gang

News

The Next ‘Blair Witch’ Movie Is Bringing Back (Most of) the Creatives From the Original Film