The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for…
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors…
GitLab warns of critical arbitrary branch pipeline execution flaw
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical…
GitLab warns of critical pipeline execution vulnerability
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines…
Wanted: A SBOM Standard to Rule Them All
A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.
GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln
The bug (CVE-2024-6385) is similar — but not identical — to a critical flaw GitLab patched just two weeks ago.
GitLab: Critical bug lets attackers run pipelines as other users
GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline…
RSA Conference 2024 Highlights: Cutting-Edge Cybersecurity Innovations
AI in Action: Real-World Breakthroughs and Innovations Attending the RSA Conference for the first time was an incredible experience! Ever…
Critical GitLab bug lets attackers run pipelines as any user
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines…
High-severity GitLab flaw lets attackers take over accounts
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. [...]