TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery CI/CD misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...

Hackers use typosquatting to trojanize 700 libraries in Ruby Repository

By Sudais Asif In the traditional sense, we usually come across typosquatting in the form of attackers creating misspelled domain names... This is a post from HackRead.com Read the original post: Hackers use typosquatting to trojanize 700 libraries in Ruby Repository...

Docker Security Analysis Tools: dockerscan

Docker Security Analysis Tools Currently Docker Scan support these actions: Registry Delete: Delete remote image / tag Info: Show info from remote registry Push: Push and image like Docker client Upload: Upload random a file Image Analyze: Looking for sensitive information in a Docker image...

Chinese Hackers discovered second Android master key vulnerability

Android Security Squad, the China-based group that uncovered a second Android master key vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The whole point of digitally signing a document or file is to prove the file hasn't been modified. The...