Two security flaws were found in the GitHub environments of two extremely well-known open source projects from Apache and Google. These flaws could be used to covertly alter project source code, alter project output, and move laterally between departments within a company.
Researchers at Legit Security claim that the problems include weaknesses in continuous integration/continuous delivery (CI/CD) that could endanger several other open source projects all over the world.