Security News > 2024 > January > TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
2024-01-18 12:34
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow's build agents via
News URL
https://thehackernews.com/2024/01/tensorflow-cicd-flaw-exposed-supply.html
Related news
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- It's only a matter of time before LLMs jump start supply-chain attacks (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)