Recherche : [Action] - Cyberveille

CVE-2025-32955: Security mechanism bypass in Harden-Runner Github Action https://sysdig.com/blog/security-mechanism-bypass-in-harden-runner-github-action/

23/04/2025 08:09:24

The Sysdig Threat Research Team (TRT) has discovered CVE-2025-32955, a now-patched vulnerability in Harden-Runner, one of the most popular GitHub Action CI/CD security tools. Exploiting this vulnerability allows an attacker to bypass Harden-Runner’s disable-sudo security mechanism, effectively evading detection within the continuous integration/continuous delivery (CI/CD) pipeline under certain conditions. To mitigate this risk, users are strongly advised to update to the latest version.

The CVE has been assigned a CVSS v3.1 base score of 6.0.

Europol coordinates global action against criminal abuse of Cobalt Strike | Europol https://www.europol.europa.eu/media-press/newsroom/news/europol-coordinates-global-action-against-criminal-abuse-of-cobalt-strike?mtm_campaign=newsletter

03/07/2024 22:04:56

Abuse by cybercriminals Cobalt Strike is a popular commercial tool provided by the cybersecurity software company Fortra. It is designed to help legitimate IT security experts perform attack simulations that identify weaknesses in security operations and incident responses. In the wrong hands, however, unlicensed copies of Cobalt Strike can provide a malicious actor with a wide range of attack capabilities.Fortra...

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation https://www.cybersecuritydive.com/news/sec-solarwinds-ciso-cfo-orion/653864/

29/06/2023 14:23:33

The Securities and Exchange Commission has notified the chief financial officer and CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, the company disclosed in a regulatory filing with the agency.

Liens par page

Filtres