daily threat intelligence

Enterprise Supply Chain

Google’s open-source GUAC initiative will make information for securing the software supply chain readily available to everyone.

GUAC will allow developers, auditors, and risk management teams to evaluate risk more easily in their codebases. What: Google is seeking contributors to a new open-source project it has launched called Graph for Understanding Artifact Composition, or GUAC. The goal of the effort, according to the company, is to democratize the availability of software build, […]


Vuln in GitHub Enterprise server could enable RCE on SVNBridge

Vulnerability has not been assigned a severity rating yet. What: A deserialization of untrusted data vulnerability (CVE-2022-23734) exists in multiple GitHub Enterprise Server versions that could potentially let a remote attacker execute arbitrary code on the SVNBridge open-source extension for Microsoft Azure DevOps Server. To exploit the flaw, an attacker would need to have access […]
