CI/CD Archives • Daily CyberSecurity

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm npm Supply Chain Attack DPRK Malware Factory

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

Do Son April 29, 2026

Cybersecurity researchers at Panther Threat Research have released a detailed exposé on a massive, coordinated npm malware...

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Beyond the IDE: How Google’s New Android CLI Enables 3x Faster Agent-Led Development

Do Son April 20, 2026

Google has inaugurated a sophisticated Android CLI tool on its official developer portal, representing a pivotal advancement...

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos

Do Son February 11, 2026

GitLab has released a sweeping security update for its Community (CE) and Enterprise (EE) editions, patching a...

The Developer Win: GitHub Postpones Self-Hosted Runner Fee After Massive Community Outcry GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

GitHub Copilot Pro trial suspension GitHub Actions Platform Fee, Self-Hosted Runner Tax 2026 GitHub Apple ID, Privacy Login GitHub Microsoft Github disruptions CVE-2025-30066 GitHub Outage, Service Disruption

The Developer Win: GitHub Postpones Self-Hosted Runner Fee After Massive Community Outcry

Do Son December 18, 2025

Recently, the code hosting platform GitHub published a blog post announcing that, starting March 1, 2026, GitHub...

High-Severity Jenkins Flaws Risk Unauthenticated DoS via HTTP CLI and XSS Via Coverage Reports Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

High-Severity Jenkins Flaws Risk Unauthenticated DoS via HTTP CLI and XSS Via Coverage Reports

Do Son December 11, 2025

The maintainers of Jenkins, the world’s leading open-source automation server, have issued a critical security advisory addressing...

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking

Do Son November 13, 2025

GitLab has released a new round of security updates for both Community Edition (CE) and Enterprise Edition...

Jenkins Faces Wave of Plugin Flaws, Including SAML Authentication Bypass (CVE-2025-64131) Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Faces Wave of Plugin Flaws, Including SAML Authentication Bypass (CVE-2025-64131)

Do Son October 30, 2025

The Jenkins project has issued a major security advisory addressing a wave of vulnerabilities, including high-severity flaws...

Jenkins Patches High-Severity Vulnerabilities, Including a DoS Flaw Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Patches High-Severity Vulnerabilities, Including a DoS Flaw

Do Son September 18, 2025

Jenkins, one of the most widely used open-source automation servers, has released a new security advisory addressing...

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets GitHub Actions Vulnerability, React Native Bottom Tabs

GitHub Actions Vulnerability, React Native Bottom Tabs

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets

Do Son August 6, 2025

A critical vulnerability—CVE-2025-54594 (CVSS 9.1)—has been identified in the React Native Bottom Tabs project, exposing the repository...

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets Lazarus Group, Software Supply Chain

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

Do Son July 31, 2025

In a recently expose, Sonatype reveals a covert cyberespionage campaign orchestrated by the North Korea-linked Lazarus Group,...

Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos GitHub Actions Vulnerability, Command Injection

GitHub Actions Vulnerability, Command Injection

Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos

Do Son July 28, 2025

A critical command injection vulnerability has been disclosed in the widely used GitHub Action tj-actions/branch-names, affecting over...

Critical CI/CD Cache Poisoning Threatens Supply Chain: Undetectable Code Injection Possible! CI/CD Security, Cache Poisoning

Critical CI/CD Cache Poisoning Threatens Supply Chain: Undetectable Code Injection Possible!

Do Son June 13, 2025

A newly disclosed vulnerability tracked as CVE-2025-36852 has shaken the foundation of modern CI/CD systems and supply...

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection! GitLab Security, High-Severity Flaws

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection!

Do Son June 12, 2025

GitLab has issued urgent security updates for its Community Edition (CE) and Enterprise Edition (EE), addressing a...

Unpatched XSS Vulnerability in Jenkins Gatling Plugin Puts Users at Risk (CVE-2025-5806) Jenkins Security Vulnerability

Unpatched XSS Vulnerability in Jenkins Gatling Plugin Puts Users at Risk (CVE-2025-5806)

Do Son June 7, 2025

The Jenkins community has issued a high-severity security advisory for a newly disclosed vulnerability in the Gatling...

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Do Son June 4, 2025

Socket’s Threat Research Team has uncovered a targeted supply chain attack leveraging malicious RubyGems impersonating Fastlane plugins....

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CI/CD

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

Beyond the IDE: How Google’s New Android CLI Enables 3x Faster Agent-Led Development

GitLab Patch Alert: High-Severity Web IDE Flaw Exposes Private Repos

The Developer Win: GitHub Postpones Self-Hosted Runner Fee After Massive Community Outcry

High-Severity Jenkins Flaws Risk Unauthenticated DoS via HTTP CLI and XSS Via Coverage Reports

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking

Jenkins Faces Wave of Plugin Flaws, Including SAML Authentication Bypass (CVE-2025-64131)

Jenkins Patches High-Severity Vulnerabilities, Including a DoS Flaw

Critical RCE Flaw (CVE-2025-54594) in React Native Bottom Tabs’ GitHub Actions Exposed Secrets

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection!

Unpatched XSS Vulnerability in Jenkins Gatling Plugin Puts Users at Risk (CVE-2025-5806)

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data