Intro into CI/CD research that has led to critical vulnerabilities in Google, Meta, Microsoft, Blockchains, and more.

Six months ago, my friend and colleague Adnan Khan started researching a new class of CI/CD attacks. Adnan grasped the significance of these attacks after executing them against GitHub to gain total control of the GitHub Actions runner images. GitHub’s bug bounty program scored this vulnerability as “Critical” and paid a $20,000 reward. Following this…

  • @[email protected]
    38 months ago

    So those fuckers are wide open to being hacked, but there’s multiple people running for president right now who want those morons to host the services for digital IDs and digital currency?

    Those systems in Australia and India crash and get hacked all the time. When they crash, it shuts down all of society and when they get hacked the people who had their information stolen are completely fucked.