COSMICBYTEZLABS

14 articles

#CI/CD

All CosmicBytez Labs articles tagged #CI/CD, across news, security advisories, how-to guides, and projects.

  • News, May 24, 2026

    Megalodon GitHub Attack Targets 5,561 Repos with Malicious

    Cybersecurity researchers have uncovered Megalodon, an automated attack campaign that pushed 5,718 malicious commits to over 5,500 GitHub repositories in...

  • News, May 19, 2026

    Popular GitHub Action Tags Redirected to Imposter Commit to

    Threat actors have compromised the widely-used actions-cool/issues-helper GitHub Action, redirecting every existing tag to a malicious imposter commit...

  • Security, May 19, 2026

    CVE-2026-25244 — WebdriverIO Command Injection RCE via Git

    A command injection vulnerability in WebdriverIO below version 9.24.0 allows remote code execution through malicious git branch names containing shell...

  • News, May 17, 2026

    Living Off the Pipeline: Defending Against CI/CD Subversion

    Adversaries are increasingly weaponizing CI/CD pipelines as a living-off-the-land vector — abusing trusted build infrastructure to execute attacks without...

  • News, May 1, 2026

    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for

    A new supply chain attack campaign dubbed BufferZoneCorp has been observed using sleeper packages in RubyGems and Go module registries to push...

  • News, Apr 30, 2026

    Google Fixes CVSS 10 Gemini CLI RCE and Cursor Flaws Enable

    Google has patched a maximum severity vulnerability in its Gemini CLI npm package and GitHub Actions workflow that allowed unprivileged attackers to...

  • News, Mar 23, 2026

    Trivy Supply Chain Attack Targets CI/CD Secrets

    The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...

  • News, Mar 20, 2026

    Trivy Security Scanner GitHub Actions Breached — 75 Tags

    Trivy, Aqua Security's widely used open-source vulnerability scanner, was compromised a second time in a month. Attackers hijacked 75 GitHub Actions tags...

  • Security, Mar 18, 2026

    CVE-2026-25534: Spinnaker SSRF via URL Validation Bypass

    A critical SSRF vulnerability (CVSS 9.1) in Spinnaker's clouddriver and orca components bypasses the previous CVE-2025-61916 URL validation patch through...

  • News, Mar 11, 2026

    UNC6426 Weaponizes Old nx npm Supply Chain Compromise to

    Threat actor UNC6426 leveraged stolen credentials from last year's nx npm supply chain attack to achieve full AWS administrator access at a victim...

  • Project, Mar 11, 2026

    Claude Code for IT Operations: Building a Multi-Project

    Transform Claude Code from a chatbot into a DevOps co-pilot. Set up CLAUDE.md templates, custom hooks, reusable agents, deployment skills, and MCP server...

  • Checklist, Mar 11, 2026

    Application Deployment Security Checklist

    Pre-deployment checklist for launching new applications into production — security review gates, monitoring setup, rollback procedures, dependency...

  • HOWTO, Mar 9, 2026

    How to Secure GitHub Actions Workflows with OIDC, SHA

    Harden your CI/CD pipeline by replacing long-lived secrets with OIDC short-lived tokens, pinning third-party actions to commit SHAs, enforcing...

  • Project, Feb 3, 2026

    CI/CD Pipeline with GitHub Actions and Azure

    Build a secure CI/CD pipeline with GitHub Actions deploying to Azure. Covers build, test, security scanning (SAST/DAST), and deployment with OIDC...