https://committing-crimes.com/articles/2024-09-09-jitpack/

The infosec hell was never users writing down their password in a post-it stuck to their monitor.

The true infosec hell is developers trusting centralized repositories of "open source" that nobody reads nor audits.

Again I have to battle against devs that, for pure convenience and laziness, put users and the company at the mercy of any random of the internet, with the willing to perform a supply chain attack.

#infosec #centralization #zerotrust #supplychainattack

https://committing-crimes.com/articles/2024-09-09-jitpack/

The infosec hell was never users writing down their password in a post-it stuck to their monitor.

The true infosec hell is developers trusting centralized repositories of "open source" that nobody reads nor audits.

Again I have to battle against devs that, for pure convenience and laziness, put users and the company at the mercy of any random of the internet, with the willing to perform a supply chain attack.

#infosec #centralization #zerotrust #supplychainattack

just came across this video which describes a supply chain attack on a popular minecraft server-side mod (zauctionhouse) which occured because credentials were obtained from stealer logs

https://www.youtube.com/watch?v=Ro-ucL_TA98

#infosec#minecraft#SupplyChainAttack

🚨 Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

#gravityforms #supplychainattack #malware #wordpress