Hitesh Patra | blogs.hiteshpatra.in | Dec 4, 2024
CVE-2024-54134 - Solana Web3.js Supply Chain Attack
A supply chain attack was detected in versions 1.95.6 and 1.95.7 of the @solana/web3.js npm library. These compromised versions contain injected malicious code that can steal keys from developers and users, potentially enabling attackers to drain crypto...
Tags: CVE Analysis, supplychainattack

Abhiram | cloudbuddy.hashnode.dev | Oct 29, 2024
Supply Chain Attacks: Securing Your Software from Third-Party Code
In today's interconnected world, software applications increasingly rely on third-party components. While these components can accelerate development and provide valuable functionality, they also introduce new security risks. Supply chain attacks, wh...
Tags: supplychainsecurity

Hardik Nandar | 0075h3ll.hashnode.dev | Sep 28, 2024
Using Gitlab for DevSecOps
DevSecOps is an established - and now being adopted - philosophy that aims to foster collaboration between Development, Security, and Operations teams in an Organization. Being an integral part of the SDLC, security testing is something that has helped ...
Tags: Devops

Gift Ayodele | devgifttemitope.hashnode.dev | Sep 13, 2024
What is Blockchain?
Blockchain is a revolutionary technology that's changing how we think about transactions, security, and trust. It's the backbone behind cryptocurrencies like Bitcoin and Ethereum, but it's much more than just digital money. To put it simply, bl...
Tags: Programming Fundamentals, BlockchainForBeginners

Kunal Verma for Kubesimplify | blog.kubesimplify.com | Jun 13, 2024
Supply Chain Security Using SLSA - Part 2 (The Framework)
In Part 1 of our ongoing Supply Chain Security series, we delved into the fundamental aspects of supply chain security and its growing importance. If you haven't yet checked out the first part, make sure to give it a read now! Now that we've establ...
Tags: Security

Panagiotis Vasilikos | securingbits.com | Apr 24, 2024
Cache Attacks on CI/CD Systems
A new type of attack affecting major CI/CD service providers. Attackers can exploit CI/CD cache mechanisms to inject malicious code or steal your secrets. This information is detailed in the paper by Gu, Ying, Chai, Pu, Duan and Gao "More Haste, Less...
Tags: Application Security

Panagiotis Vasilikos | securingbits.com | Apr 17, 2024
Open-Source Secret Scanning Tools
Implement secret scanning in your pipelines today with the following 5 open-source tools: - Trufflehog https://github.com/trufflesecurity/trufflehog - GitLeaks https://github.com/gitleaks/gitleaks - Semgrep https://github.com/semgrep/semgrep - Talism...
Tags: Open Source

GEANT TECH LLC | geanttechnology-1694821411582.hashnode.dev | Nov 9, 2023
Trivy - The Container Image Scanner
Preamble: Trivy is an open source single-binary application written in Go and designed to find vulnerabilities, misconfigurations, secrets, and SBOMs (Software Bill of Materials) in Container Images and Virtual Machine Images. It is a versatile security ...
Tags: trivy

Panagiotis Vasilikos | securingbits.com | Oct 4, 2023
Malicious VSCode Extensions
Are malicious ☠️ VSCode extensions lurking in your workspace? Today's comic is inspired by the recent talk "Breaking the Chain: An Attacker's Perspective on Supply Chain Vulnerabilities and Flaws" by Ilay Goldman and Yakir Kadkoda from Aqua Security....
Tags: supplychainsecurity

Avishek Sarkar | aviii.hashnode.dev | Aug 15, 2023
Dependency Confusion Attack on NPM: An End-to-End POC
The inspiring source here gave me creative inspiration for this blog. Dependency Confusion was initially disclosed by Alex Birsan. Introduction to Dependency Confusion Attack: When building a web application or app, utilizing existing code and librari...
Tags: supplychainsecurity