Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces
Wiz Research has uncovered 550+ secrets hiding in plain sight. We worked with Microsoft to shut the door.
Rami McCarthy
Rami aspires to work on Security, for the Internet, at Wiz
Rami McCarthy の投稿
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware
Detect and mitigate a critical supply chain compromise affecting over 100+ packages, organizations should act urgently.
s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack
A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation.
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
Leaking Secrets in the Age of AI
How has AI-assisted development impacted secrets leakage? Learn the new patterns and emerging trends.
Rules Files for Safer Vibe Coding
Helping LLMs generate safer and more secure code through open-sourced rules files.
How to Harden GitHub Actions: The Unofficial Guide
Build resilient GitHub Actions workflows with lessons from recent attacks.
Research Briefing: MCP Security
The present and future of security for the Model Context Protocol.
How to use the new CloudTrail network activity events for AWS VPC Endpoints
Learn how AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
新たなGitHub Actionのサプライチェーン攻撃: reviewdog/action-setup
tj-actions/changed-files に対するサプライチェーン攻撃により、多くのリポジトリが週末に機密情報を漏えいしました。Wiz Research は、reviewdog/actions-setup@v1 に対する追加のサプライチェーン攻撃を発見しており、これが tj-actions/changed-files の侵害に寄与した可能性があります。