CI/CD security Archives • Daily CyberSecurity

Malicious PyPI Package Wave Spreads Evolving Supply Chain Attacks malicious PyPI package wave supply chain attacks

Malicious PyPI Package Wave Spreads Evolving Supply Chain Attacks

Do Son June 9, 2026

Security Researchers Uncover Advanced Open Source Supply Chain Exploits A fresh threat report exposes an ongoing software...

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793) CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793)

Do Son May 14, 2026

In a critical security alert for the PHP community, Nils Adermann, Co-Creator of Composer, has issued an...

9.8 Severity Alert: Malicious Git Branches Can Hijack Your WebdriverIO Build Servers WebdriverIO Command Injection CVE-2026-25244

9.8 Severity Alert: Malicious Git Branches Can Hijack Your WebdriverIO Build Servers

Do Son May 13, 2026

A critical security vulnerability has been found in WebdriverIO, a popular open-source test automation framework used for...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

Do Son May 12, 2026

The software supply chain has just weathered another high-impact assault. The Socket Threat Research team has uncovered...

Highly Evasive NuGet Supply Chain Attack Hijacks 65,000 .NET Build Servers NuGet Supply Chain Attack .NET Malware

Highly Evasive NuGet Supply Chain Attack Hijacks 65,000 .NET Build Servers

Do Son May 8, 2026

A highly sophisticated software supply chain attack has compromised tens of thousands of developer workstations and CI/CD...

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

Do Son May 2, 2026

Security researchers at Socket have uncovered a coordinated software supply chain campaign orchestrated through the GitHub account...

New DDoS Botnet Exploits Jenkins to Target Gaming Servers Jenkins DDoS Botnet Gaming Industry Cyberattacks

New DDoS Botnet Exploits Jenkins to Target Gaming Servers

Do Son May 1, 2026

Cybersecurity analysts at Darktrace have uncovered a new distributed denial-of-service (DDoS) botnet that specifically targets the video...

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins

Do Son April 30, 2026

The Jenkins project has released a security advisory, addressing several vulnerabilities across its plugin ecosystem. The fixes...

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines SAP Supply Chain Attack Mini Shai-Hulud Malware

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines

Do Son April 29, 2026

Security researchers have sounded the alarm on a precision-targeted supply-chain compromise striking the SAP developer ecosystem. The...

Patching the CVSS 10 RCE Hole in Gemini CLI Gemini CLI Security Update Headless RCE Patch

Patching the CVSS 10 RCE Hole in Gemini CLI

Do Son April 28, 2026

A critical update has been issued for Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action to address...

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers Void Dokkaebi Supply Chain Infected VS Code Tasks

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers

Do Son April 23, 2026

A new report from researchers at TrendMicro has exposed the evolution of Void Dokkaebi (also known as...

High-Severity PHPUnit Vulnerability Enables Remote Code Execution PHPUnit RCE Poisoned Pipeline Execution PHPUnit Vulnerability CVE-2026-24765

PHPUnit RCE Poisoned Pipeline Execution PHPUnit Vulnerability CVE-2026-24765

High-Severity PHPUnit Vulnerability Enables Remote Code Execution

Do Son April 22, 2026

The PHP development community is facing a significant security risk following the disclosure of a critical argument...

Critical RCE Alert: Bamboo Data Center Vulnerable to OS Command Injection CVE-2023-22518 Bamboo RCE CI/CD Supply Chain Security

Critical RCE Alert: Bamboo Data Center Vulnerable to OS Command Injection

Do Son April 22, 2026

Atlassian has issued a high-priority advisory for its Bamboo Data Center users, detailing a critical-severity security flaw...

Apple Google EU alliance DMA European Commission Breach Trivy Supply Chain Attack Europa.eu Breach EU Cloud Infrastructure EU Cyber Sanctions State-Sponsored Hacking EU 2040 Emissions Target, Europe Climate Leadership AWS Azure DMA Cloud Gatekeeper DSA violation, illegal content Apple DMA Delay, iPhone Mirroring EU EU Age Verification, Google Play Integrity Corning Antitrust, EU Competition Apple EU Digital Markets Act App Store commission European Union cyberattacks - InvestAI EU Targets Musk’s X Digital Markets Act, EU fines

The EU’s AWS “Master Key”: How a Compromised Trivy Update Leaked 340GB of Data

Do Son April 3, 2026

The digital defenses of the European Union faced a significant test this March as a sophisticated supply-chain...

Critical Jenkins Flaws Expose CI/CD Servers to Remote Code Execution Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Critical Jenkins Flaws Expose CI/CD Servers to Remote Code Execution

Do Son March 19, 2026

The Jenkins project has released a critical security advisory addressing multiple vulnerabilities that could lead to full...

High-Severity RCE Flaw in Atlassian Bamboo Threatens CI/CD Environments CVE-2023-22508 Atlassian Bamboo Vulnerability CVE-2026-21570

High-Severity RCE Flaw in Atlassian Bamboo Threatens CI/CD Environments

Do Son March 19, 2026

Atlassian has sounded the alarm for users of its Bamboo Data Center, uncovering a high-severity Remote Code...

The Mutable Tag Trap: Critical 9.4 CVSS Attack on Xygeni GitHub Action Exposes CI/CD Pipelines Xygeni Tag Poisoning CVE-2026-31976

The Mutable Tag Trap: Critical 9.4 CVSS Attack on Xygeni GitHub Action Exposes CI/CD Pipelines

Do Son March 12, 2026

In a sophisticated supply chain manipulation, the xygeni-action GitHub Action was recently targeted by a critical “tag...

Security Alert: “Hackerbot-Claw” Autonomous Campaign Exploits GitHub Actions hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Security Alert: “Hackerbot-Claw” Autonomous Campaign Exploits GitHub Actions

Do Son March 3, 2026

Christopher Robinson, Chief Technology Officer and Chief Security Architect at the Open Source Security Foundation (OpenSSF), has...

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments

Do Son February 19, 2026

Maintainers of Jenkins, the world’s leading open-source automation server, have issued critical security updates to address two...

CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE PHPUnit RCE Poisoned Pipeline Execution PHPUnit Vulnerability CVE-2026-24765

CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE

Do Son January 29, 2026

The maintainers of PHPUnit, the industry-standard testing framework for PHP, have released a critical security update to...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CI/CD security

Malicious PyPI Package Wave Spreads Evolving Supply Chain Attacks

Urgent Update: Composer Vulnerability Leaks GitHub Secrets in Plaintext Logs (CVE-2026-45793)

9.8 Severity Alert: Malicious Git Branches Can Hijack Your WebdriverIO Build Servers

Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

Highly Evasive NuGet Supply Chain Attack Hijacks 65,000 .NET Build Servers

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

New DDoS Botnet Exploits Jenkins to Target Gaming Servers

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines

Patching the CVSS 10 RCE Hole in Gemini CLI

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers

High-Severity PHPUnit Vulnerability Enables Remote Code Execution

Critical RCE Alert: Bamboo Data Center Vulnerable to OS Command Injection

The EU’s AWS “Master Key”: How a Compromised Trivy Update Leaked 340GB of Data

Critical Jenkins Flaws Expose CI/CD Servers to Remote Code Execution

High-Severity RCE Flaw in Atlassian Bamboo Threatens CI/CD Environments

The Mutable Tag Trap: Critical 9.4 CVSS Attack on Xygeni GitHub Action Exposes CI/CD Pipelines

CI/CD at Risk: High-Severity Jenkins XSS Flaw Exposes Build Environments

CVE-2026-24765: PHPUnit Vulnerability Exposes CI/CD Pipelines to RCE