GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks

Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. A recent blog post by security researcher and bug bounty hunter Adnan Khan provides strong evidence for the threats we outlined and their destructive outcomes. GitHub itself was found vulnerable, as well as various notable organizations, such as PyTorch, Tensorflow, Microsoft DeepSpeed, and Chia Networks.

The post GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks appeared first on Security Boulevard.