Feb. 3, 2024, 1 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.


Article Link: Google supply chain bug patched in code-testing tool Bazel | SC Media


1 post - 1 participant


Read full topic

actions article bug code command command injection environment github github actions google injection link malicious media product production projects supply supply chain testing testing tool threat threat actors tool vulnerability

Privacy Engineer

@ Snap Inc. | Santa Monica - 2850 Ocean Park Blvd

Senior Security Researcher - Security Automation (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

Information Systems Security Engineer (ISSE)

@ Interclypse | Annapolis Junction, MD, US

Information Systems Security Officer (ISSO)

@ Interclypse | Annapolis Junction, MD, US

Systems Security Engineer (Hybrid)

@ RTX | FL410: Largo FL MFG 7887 Bryan Dairy Road , Largo, FL, 33777 USA

Principal Cyber Security Engineer (Onsite)

@ RTX | HIA33: Cedar Rapids, IA (Intertrade) 400 Collins Road NE MS 153-220, Cedar Rapids, IA, 52411-6636 USA