23pds (ๅฑฑๅฅ)
@im23pds
Dad/@SlowMist_Team Partner&CISO/#Web3# Security Researcher/RedTeam/Pentester/Aiๅฎๅ
จ็ไบบ #bitcoin#
๊ฐ์
June 2014
6K ํ๋ก์ ์ค 15.2K ํฌ
๐โโ๏ธ
็ฐๅจๆฏๅคฉไธค็ผไธ็ๅฐฑๆฏๆฐ็CVEใๆฐ็ๆปๅป
๐ข
Today's two supply chain incidents are likely connected:
1. `actions-cool/issues-helper` was compromised
2. AntV was compromised shortly after
I noticed AntV was using `actions-cool/issues-helper@main` in GitHub Actions.
Rspack was not affected because we pin Actions to commit ids via renovate's `pinGitHubActionDigests`.
Strongly recommend enabling it.
๋ ๋ณด๊ธฐ
