• How We Found Another GitHub Actions Environment Injection Vulnerability in a Google Project https://www.legitsecurity.com/blog/-how-we-found-another-github-action-environment-injection-vulnerability-in-a-google-project 2 comments 16/7/2023 netsec
• Using a service with markdown capabilities? Good chance it's vulnerable and attackers can easily take it down https://www.legitsecurity.com/blog/dos-via-software-supply-chain-innumerable-projects-exposed-to-a-markdown-library-vulnerability 9 comments 22/1/2023 netsec
• GitHub Actions Privilege Escalations - The "workflow_run" trigger https://www.legitsecurity.com/blog/github-privilege-escalation-vulnerability 6 comments 5/1/2023 netsec
• Beware of this CI/CD vulnerability: GitHub Environment Injection (Google & Apache found vulnerable) https://www.legitsecurity.com/blog/github-privilege-escalation-vulnerability-0 6 comments 19/12/2022 netsec
• GitHub Actions - Artifact Poisoning Vulnerability https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust 6 comments 4/12/2022 netsec
• "Pull Request Hijacking" - bypassing code review enforcement in GitHub https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code 24 comments 11/9/2022 netsec