all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Cycode Discovers a Supply Chain Vulnerability in Bazel

Add to bookmarks
Feb. 1, 2024, 1:58 p.m. | Elad Pticha

Security Boulevard securityboulevard.com

Executive Summary The Cycode Research Team discovered a software supply chain vulnerability in one of Google’s open source flagship products, Bazel. We found that a GitHub Actions workflow could have been injected by a malicious code due to a command injection vulnerability in one of Bazel’s dependent Actions. This vulnerability directly impacts the software supply ... Read more


The post Cycode Discovers a Supply Chain Vulnerability in Bazel appeared first on Cycode.


The post Cycode Discovers a Supply Chain …

actions application security blog cd pipeline ci code command command injection cycode executive found github github actions google injection malicious open source products research software software supply chain software supply chain security supply supply chain supply chain vulnerability team vulnerability

Visit resource

More from securityboulevard.com / Security Boulevard

Reading the Mandiant M-Trends 2024 2 hours ago | securityboulevard.com
blog etc incidents live +9
Lawsuits After Ransomware on the Rise, Comparitech Says 5 hours ago | securityboulevard.com
attacks companies cost of data breach cyberlaw +24
How Do I Protect My AI Model? 5 hours ago | securityboulevard.com
ai model ai models assets mend +4
Product Release: PreVeil 5.0 6 hours ago | securityboulevard.com
list page product product release +5
What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss 8 hours ago | securityboulevard.com
appsec & supply chain security cisos development don +16
ADCS Attack Paths in BloodHound — Part 2 9 hours ago | securityboulevard.com
abuse active directory adc adcs +16
It’s 3am… Do You Know Where Your Data Is? 9 hours ago | securityboulevard.com
3am blog data security +2
AI: Separating Fact from Fiction 10 hours ago | securityboulevard.com
fact fantasy fiction movies +2
Zero-Day Nightmare: Palo Alto, Cisco, and MITRE Under Attack 10 hours ago | securityboulevard.com
adaptive security alto asa attack +29

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs