- March 16, 2025
GitHub Action tj-actions/changed-files, Supply-Chain Attack: The Complete Guide
A major software supply chain attack recently struck the widely used tj-actions/changed-files GitHub Action—an alarming development that has impacted over...
- February 13, 2025
How We Optimized CI/MON eBPF Sensor to Handle Thousands of Events per Second
The rapid evolution of eBPF (Extended Berkeley Packet Filter) has fundamentally changed the way developers think about system-level observability, performance monitoring, and...
- August 1, 2024
Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown...
- July 2, 2024
OpenSSH Vulnerability CVE-2024-6387: What You Need to Know
1 in 3 OpenSSH Servers Are Vulnerable – Protect Yourself Against CVE-2024-6387. A critical security vulnerability, identified as CVE-2024-6387, has been...
- May 7, 2024
Cimon Delivers Continuous Assurance and Automatic SLSA Compliance
Cycode revolutionizes CI/CD security and pipeline integrity with its newest version of Cimon, which is part of the Cygives initiative...
- April 1, 2024
XZ Backdoor Software Supply Chain Attack: Strengthening Our Defenses
A recent security discovery has exposed a critical vulnerability within the XZ Utils library (CVE-2024-3094). Malicious code was embedded in...
- December 18, 2023
Three Lessons from the Ledger Connect Kit Supply Chain Attack
On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect...
- August 1, 2023
How to Achieve SLSA Compliance in Azure Pipelines
We are excited to announce the release of a powerful tool designed to help companies achieve SLSA (Supply Chain Levels...
- June 12, 2023
Introducing Cimon: Your Superhero for CI/CD Pipeline Security
We are excited to announce the release of Cimon, a revolutionary tool designed to secure your CI/CD pipelines through a...
- March 14, 2023
From Default to Secure: Analyzing the Vulnerability that Could Have Compromised Microsoft 365 Users
As part of our ongoing research in the open-source ecosystem, Cycode Labs has found and disclosed a novel attack...
- February 13, 2023
Cycode and AWS Collaborate on a 3-Part Series of Videos: Navigating the Complexities of Securing CI/CD Pipelines
In the fast-paced world of software development...
- January 30, 2023
Cycode Discovers a Vulnerability in GitHub API Authorization – CVE-2022-46258
Cycode Labs discovered a vulnerability in GitHub’s API in which GitHub Actions workflows...