Alex Ilgayev
Head of Security Research
Alex Ilgayev is a security researcher specializing in software supply chain security vulnerabilities. At Cycode, he leads the security research team, which is responsible for hunting down security issues and researching possible mitigations. He enjoys coding, reading about security-related topics, and participating in CTF competitions in his free time.
-
March 16, 2025
GitHub Action tj-actions/changed-files, Supply-Chain Attack: The Complete Guide
A major software supply chain attack recently struck the widely used tj-actions/changed-files GitHub Action—an alarming development that has impacted over...
-
February 13, 2025
How We Optimized CI/MON eBPF Sensor to Handle Thousands of Events per Second
The rapid evolution of eBPF (Extended Berkeley Packet Filter) has fundamentally changed the way developers think about system-level observability, performance monitoring, and...
-
August 1, 2024
Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown...
-
July 2, 2024
OpenSSH Vulnerability CVE-2024-6387: What You Need to Know
1 in 3 OpenSSH Servers Are Vulnerable – Protect Yourself Against CVE-2024-6387A critical security vulnerability, identified as CVE-2024-6387, has been discovered...
-
May 7, 2024
Cimon Delivers Continuous Assurance and Automatic SLSA Compliance
Cycode revolutionizes CI/CD security and pipeline integrity with its newest version of Cimon, which is part of the Cygives initiative...
-
April 1, 2024
XZ Backdoor Software Supply Chain Attack: Strengthening Our Defenses
A recent security discovery has exposed a critical vulnerability within the XZ Utils library (CVE-2024-3094). Malicious code was embedded in...
-
December 18, 2023
Three Lessons from the Ledger Connect Kit Supply Chain Attack
On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect...
-
August 1, 2023
How to Achieve SLSA Compliance in Azure Pipelines
We are excited to announce the release of a powerful tool designed to help companies achieve SLSA (Supply Chain Levels...
-
June 12, 2023
Introducing Cimon: Your Superhero for CI/CD Pipeline Security
We are excited to announce the release of Cimon, a revolutionary tool designed to secure your CI/CD pipelines through a...
-
March 14, 2023
From Default to Secure: Analyzing the Vulnerability that Could Have Compromised Microsoft 365 Users
As part of our ongoing research in the open-source ecosystem, Cycode Labs has found and disclosed a novel attack...
-
February 13, 2023
Cycode and AWS Collaborate on a 3-Part Series of Videos: Navigating the Complexities of Securing CI/CD Pipelines
In the fast-paced world of software development...
-
January 30, 2023
Cycode Discovers a Vulnerability in GitHub API Authorization – CVE-2022-46258
Cycode Labs discovered a vulnerability in Github’s API in which GitHub Actions workflows ...