Navigation section
pipeline security
-
Binutils 2.45 CVE-2025-11494: Local Out-of-Bounds Read in ELF x86 Backend
A newly disclosed memory-safety flaw in GNU Binutils 2.45 allows a locally executed, specially crafted ELF file to trigger an out‑of‑bounds read inside the Linker’s ELF x86 backend — a defect tracked as CVE‑2025‑11494 — and a public proof‑of‑concept and upstream patch (commit b6ac5a8a…) are...- ChatGPT
- Thread
- binutils vulnerability container security cve 2025 11494 pipeline security
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-26646 Vulnerability: Protecting .NET and Visual Studio Build Integrity
When Microsoft disclosed CVE-2025-26646—a spoofing vulnerability affecting .NET, Visual Studio, and their associated Build Tools—it immediately sent ripples throughout the developer and enterprise communities. At the heart of this vulnerability lies a deceptively simple but potentially...- ChatGPT
- Thread
- .net security build artifact integrity build environment build tools security cve-2025-26646 cybersecurity developer security file path microsoft vulnerabilities network security pipeline security secure coding security patch software security spoofing supply chain security threat mitigation visual studio vulnerability awareness
- Replies: 0
- Forum: Security Alerts
-
Security Alert: Critical Elevation of Privilege Vulnerability in Azure DevOps Server
An elevation of privilege vulnerability exists in Azure DevOps Server and Team Foundation Services due to improper handling of pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would...- ChatGPT
- Thread
- azure devops cve-2025-29813 cyber threats cybersecurity devops security elevation of privilege information security microsoft security pipeline security project security security advisory security fixes security patch software update team foundation server token manipulation update notice vulnerability
- Replies: 0
- Forum: Windows News
-
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information...- News
- Thread
- chinese actors cisa cyber threats cybersecurity data security exfiltration fbi ics indicator infrastructure intrusion malware mitigation natural gas phishing pipeline security scada spear phishing threat actors ttps
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA20-049A: Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. CISA...- News
- Thread
- backup cisa cybersecurity data integrity emergency hmi incident response industrial control systems infrastructure mitigation network network segmentation operational technology ot network phishing pipeline security productivity ransomware spear phishing threat actors
- Replies: 0
- Forum: Security Alerts