Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. another day, another ai supply chain backdoor.

another day, another ai supply chain backdoor.

Scheduled Pinned Locked Moved Uncategorized
5 Posts 4 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • viss@mastodon.socialV This user is from outside of this forum
    viss@mastodon.socialV This user is from outside of this forum
    viss@mastodon.social
    wrote last edited by
    #1

    another day, another ai supply chain backdoor.

    or, several hundred of em, anyway.

    viss@mastodon.socialV lando@infosec.townL r0k@mastodon.socialR 3 Replies Last reply
    0
    • viss@mastodon.socialV viss@mastodon.social

      another day, another ai supply chain backdoor.

      or, several hundred of em, anyway.

      viss@mastodon.socialV This user is from outside of this forum
      viss@mastodon.socialV This user is from outside of this forum
      viss@mastodon.social
      wrote last edited by
      #2

      id never considered pulling the ram out of the runner like that. when i steal github secrets its always through bad permisions on workflows but id shell the runner cuz its all env vars. super easy.
      get shell
      env
      recieve bacon

      Link Preview Image
      S 1 Reply Last reply
      0
      • viss@mastodon.socialV viss@mastodon.social

        another day, another ai supply chain backdoor.

        or, several hundred of em, anyway.

        lando@infosec.townL This user is from outside of this forum
        lando@infosec.townL This user is from outside of this forum
        lando@infosec.town
        wrote last edited by
        #3

        @Viss >=1 counts as “another”

        1 Reply Last reply
        0
        • viss@mastodon.socialV viss@mastodon.social

          another day, another ai supply chain backdoor.

          or, several hundred of em, anyway.

          r0k@mastodon.socialR This user is from outside of this forum
          r0k@mastodon.socialR This user is from outside of this forum
          r0k@mastodon.social
          wrote last edited by
          #4

          @Viss npm working as expected

          1 Reply Last reply
          0
          • viss@mastodon.socialV viss@mastodon.social

            id never considered pulling the ram out of the runner like that. when i steal github secrets its always through bad permisions on workflows but id shell the runner cuz its all env vars. super easy.
            get shell
            env
            recieve bacon

            Link Preview Image
            S This user is from outside of this forum
            S This user is from outside of this forum
            sharkfie@infosec.exchange
            wrote last edited by
            #5

            @Viss was this because of a self hosted runner that wasn't isolating builds correctly? I'm confused

            1 Reply Last reply
            1
            0
            • R relay@relay.infosec.exchange shared this topic
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes

            • Login
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • World
            • Users
            • Groups