CSOonline

Bazel PoC attack highlights transitive vulnerability risk in custom GitHub Actions

A dependent action in Bazel could permit malicious code injection into a GitHub Actions workflow, highlighting risk from third-party dependencies. Security researchers demonstrated a software ...