senooken JP Social
senooken JP Social is senooken's dedicated distributed social network.
Conversation

Notices

  1. h3poteto (h3poteto@pleroma.io)'s status on Thursday, 03-Apr-2025 14:35:47 JST
    The initial leak was caused by pull_request_target trigger of Actions...
    https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/

    Attachments

    1. GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 4/2)
      from Omer Gil, Aviad Hahami, Asi Greenholts, Yaron Avital
      A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.


    senooken JP Social is a social network, courtesy of senooken. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

    All senooken JP Social content and data are available under the Creative Commons Attribution 3.0 license.