In this week's episode, Patrick Gray, Adam Boileau, and James Wilson discuss various cybersecurity topics, including a compromise involving GitHub Actions, Instructure's payment to data extortionists, new Linux vulnerabilities, and CISA's efforts to help critical infrastructure operators. The episode is sponsored by Sublime Security, featuring a discussion on the evaluation of agentic AI amid market fatigue.
The most valuable insight for you is the discussion of the TanStack compromise involving GitHub Actions. It highlights the ongoing threat of supply chain attacks that leverage CI/CD tools and the need for robust security measures around these environments. As someone focused on threat intelligence and incident response, consider reassessing your organization's CI/CD security policies and monitoring practices to mitigate similar risks.