We immediately disclosed these vulnerabilities to the Jenkins team in January 2023, and they responded quickly by issuing a patch for the Jenkins server and the Jenkins Update Center.Read our blog for more information (blog.aquasec.com/jenkins-ser…) #jenkins #cve (5/5)🧵

אמ;לק: @YakirKad, @GoldmanIlay מ @AquaSecTeam עשו מחקר מרתק על סיקרטים שלא ניתנים לאיתור ע״י הסורקים הנפוצים כיום. הצוות גילה קרדנשילס לסביבות ענן, תשתיות פנימיות, פלטפורמות טלמטריות, רשתות, מצלמות ועוד, חשופים לעולם. מחקתם את הסיקרט? חושבים שזה מספיק? אולי כדאי לכם לצלול >>

🛑 Ubuntu users, beware! Hackers can exploit a #vulnerability in the command-not-found utility to recommend and trick you into installing rogue packages via snap repositories. Learn more: thehackernews.com/2024/02/ub… Double-check sources before installation. #Linux #Cybersecurity

🚨 Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System 🚨 Attackers could manipulate the package suggestion mechanism in Ubuntu to fool users into installing malicious packages. aquasec.com/blog/snap-trap-t… @AquaSecTeam (1/3) 🧵 #Ubuntu #SSC #CyberSecurity

I’m gonna give 10 random people that repost this and follow me $25,000 for fun (the $250,000 my X video made) I’ll pick the winners in 72 hours

In this #RSAC 2023 presentation, speakers @YakirKad and @GoldmanIlay elaborate on the many attack vectors in the supply chain ecosystem, including integrated development environment (IDE), source code management (SCM), package managers and CI/CD. spr.ly/6014u022j

Open-source vulnerability disclosure: Exploitable weak spots - helpnetsecurity.com/2023/11/… - @AquaSecTeam @GoldmanIlay @YakirKad #OpenSource #GitHub #VulnerabilityDisclosure #Cybersecurity #CybersecurityNews #InfosecNews

Have you heard of GitHub RepoJacking? 💀 @goldmanilay and @YakirKad from @AquaSecTeam have discovered 37k vulnerable repositories that are at risk of RepoJacking, posing a significant threat to organizations. #bugbounty #bugbountytip #applicationsecurity

🔐 Unlock the secrets of supply chain vulnerabilities! Check out this informative session from BlackHat Asia 2023, "Breaking the Chain", where the attacker's perspective is examined across 5 phases of the cloud development flow. 👀 Watch now: youtube.com/watch?v=mWgcJxQ7… Presented by: @YakirKad & @GoldmanIlay #supplychainsecurity #cloudsecurity #blackhatasia2023

Even though the video quality isn't the best, I can assure you that the content is the best.

⚔️ GitHub Repositories Vulnerable to RepoJacking Obtaining remote code execution on 37K GitHub repos via RepoJacking: * Exploitation Scenarios * RepoJacking Restrictions and Bypasses * Summary and Mitigations more! By @goldmanilay and @YakirKad blog.aquasec.com/github-data…

Check out our new blog about repojacking. We show a massive dataset we used and introduce exploitation scenarios using real repoaitories examples

🚨 🚨 The critical chain of vulnerabilities in the widely used Jenkins Server and Update Center have been assigned a score of 9.6, elevating their severity to critical. #CVE Read Aqua Nautilus's research that found these vulnerabilities to understand the impact and what you can do to mitigate your risk. w/@YakirKad and @GoldmanIlay blog.aquasec.com/jenkins-ser…