Cycode

Introducing Raven: CI/CD Pipeline Security with Open Source Vulnerability Scanner Starting with GitHub Actions

August 11, 2025October 25, 2023 by Oreen Livni

Cycode is proud to announce the public release of Raven…

Shadow Tokens: Persistence Under The Radar

April 29, 2025October 3, 2023 by Elad Pticha

Exposed credentials are one of the most abused methods for gaining initial access…

VS Code’s Token Security: Keeping Your Secrets… Not So Secretly

August 11, 2025August 7, 2023 by Oreen Livni

This is the full story of the vulnerability we have discovered within Visual Studio Code (VS Code) concerning the handling of secure token storage. While designed for isolated storage for each extension, this vulnerability presents…

Security Advisory: GitLab Malicious Runner Vulnerability

August 11, 2025May 9, 2023 by Elad Pticha

GitLab, has recently patched a critical vulnerability that allows attackers to attach malicious runners…

Enhancing CI/CD Pipeline Security with OIDC Tokens for Cloud Authentication

November 13, 2025April 21, 2023 by Elad Pticha

As the demand for faster and more efficient application deployment grows, the use of pipelines…

From Default to Secure: Analyzing the Vulnerability that Could Have Compromised Microsoft 365 Users

August 11, 2025March 14, 2023 by Alex Ilgayev

As part of our ongoing research in the open-source ecosystem, Cycode Labs has found and disclosed a novel attack…

Cycode Discovers a Vulnerability in GitHub API Authorization – CVE-2022-46258

August 11, 2025January 30, 2023 by Alex Ilgayev

Cycode Labs discovered a vulnerability in Github’s API in which GitHub Actions workflows …

Cycode Collaborates with CodeSee to Secure the Pipelines of Thousands of Open-Source Projects

April 3, 2024December 12, 2022 by Alex Ilgayev

Securing open-source projects is hard. Securing CI workflows…

CI-Story: How We Found Critical Vulnerabilities in StoryBook Project

April 3, 2024December 1, 2022 by Alex Ilgayev

Cycode found several vulnerabilities in its GitHub Actions development pipeline that may have allowed any user on the internet to run arbitrary code …

All Roads Lead to Build Secrets – Or How Your Build System Could Expose The Production Environment

April 3, 2024June 28, 2022 by Alex Ilgayev

Every software manufacturer nowadays implements robust DevOps processes to increase its ability to deliver applications and services at high velocity. These processes usually include testing, building, packaging, deploying, and additional autonomous procedures. This article will demonstrate that the race to embrace CI/CD capabilities has introduced subtle new risks. An especially significant risk that most organizations … Read more

Start Securing the 10x Developer TodayDiscover the power of Cycode for your team.

Start Securing the 10x Developer Today
Discover the power of Cycode for your team.