TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

By rooter

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence.
The activity has been attributed to the GitHub account “BufferZoneCorp,” which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of

Oh hi there đŸ‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đŸ‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

CMMC Is Exposing A Major Gap In The Defense Supply Chain

rooter
Cyber Security

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

rooter
Cyber Security

Zero Trust For AI In Defense Networks

rooter

Leave a Reply

You Missed

News

Did a medieval flying monk spot Halley’s comet, twice? It’s complicated

News

Conclave is the sound of a NYC summer block party

News

Open Channel: Tell Us Your Thoughts on ‘Disclosure Day’

News

How to watch most of the World Cup matches with free trials