GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks
Legit Security Blog www.legitsecurity.com
Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. A recent blog post by security researcher and bug bounty hunter Adnan Khan provides strong evidence for the threats we outlined and their destructive outcomes. GitHub itself was found vulnerable, as were various notable organizations, such as PyTorch, TensorFlow, Microsoft DeepSpeed, and Chia Networks.