Cloud Native Security

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

Learn how a novel attack vector in GitHub Actions allows attackers to distribute malware across repositories using a technique that exploits the actions dependency tree and puts countless open-source projects and internal repositories at risk. Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research.

As the premier platform for hosting open-source projects, GitHub’s popularity has boosted the popula...

Sep 14, 2023
OpenID Connect: Let’s Talk Security
OpenID Connect (OIDC) is a modern authentication and authorization protocol built on top of the OAuth 2.0 framework. OIDC enables secure and standardized authentication in applications, particularly web and mobile applications.
Sep 12, 2023
GigaOm Names Prisma Cloud a CSPM Leader, Second Consecutive Year
Moving to the cloud comes with technical complexities — security being one. Addressing the misconfigurations and risks contributes to this complexity,...
Aug 31, 2023
Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows
In today’s post, we look at action pinning, one of the profound mitigations against supply chain attacks in the GitHub Actions ecosystem. It turns out, though, that action pinning...
Aug 30, 2023
New Innovation Insight: CIEM Report from Gartner®
As the cloud continues to dominate the operating landscape, it has also revolutionized identity and access management, giving rise to new challenges — particularly with the proliferation of identities required...
Aug 23, 2023
