Geek-Guy.com

Category: Vulnerability Research

CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL

A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow them to execute code within a GitHub Actions workflow in most repositories using CodeQL, GitHub’s code analysis engine trusted by…

Tarbomb Denial of Service via Path Traversal

As software applications are built and developed over the years, engineering teams continuously shift perspective on what features to prioritize or de-prioritize. A feature developed five years ago may have no significance today. However, features deemed low priority may still be kept operational for legacy, compatibility, or business requirement reasons. Praetorian discovered such a legacy…

WordPress Appliance - Powered by TurnKey Linux