All articles tagged with #ci cd

Bitwarden CLI Breach Ties to Checkmarx Supply Chain Campaign
technology · 1 month ago

Bitwarden CLI version 2026.4.0 was compromised via a malicious bw1.js distributed through npm during the Checkmarx supply chain campaign, with attackers exploiting a compromised GitHub Action in Bitwarden's CI/CD to steal tokens, secrets and credentials and exfiltrate them to audit.checkmarx.cx (and a fallback GitHub repository). The malware can inject malicious workflows to harvest secrets across downstream pipelines; Bitwarden says no end-user vault data was accessed and the issue was contained with the release deprecated. The incident is linked to TeamPCP and related to the Shai-Hulud activity; a CVE will be issued for this release.

Target staff verify leaked internal code; access to private git server tightened
security · 4 months ago

Multiple current and former Target employees confirm that the leaked internal source code and documentation match real Target systems, with references to real platforms and codenames. The company has accelerated a security change that restricts access to the on-prem git.target.com Git server to corporate networks or VPN, making it unavailable from the public internet. Investigators note a suspected connection to a previously infected workstation and the threat actor's claim of an 860GB dataset, though Target has not disclosed whether a breach or insider involvement is under investigation.