- Megalodon and the CI/CD trust problem
  5,561 repos got malicious GitHub Actions workflows in six hours. No zero-day, just a merge. Detection and change-control guidance for defenders.

- Your IDE is in the supply chain now: the GitHub 3,800-repo exfiltration dissected
  GitHub confirmed ~3,800 internal repos exfiltrated via a poisoned VS Code extension. We separate vendor-confirmed facts from campaign reporting and inference.

- What a roomful of threat hunters taught us about detection engineering
  Intel 471 skipped the vendor pitch and ran a live threat-hunting CTF. Every team found something different. The complete picture required the room.

- BitLocker downgrade chains: boot trust still owns your disk
  TPM-only BitLocker can fail faster than runbooks assume when legacy Secure Boot trust allows old boot managers. Here is what to change this week.