We'll be at Black Hat in Las Vegas! Connect with us in person -->

Blog Contact Us Sign In
Platform
Platform - ASPM Icon
Application Security Posture Management (ASPM)
Platform - Secrets Detection & Prevention
Secrets Detection & Prevention
Platform - Continuous Compliance and SBOM Icon
Continuous Compliance and SBOM
Platform - Software Supply Chain Security SSCS Icon
Software Supply Chain Security (SSCS)
Platform - AI Security Posture Management (AI-SPM) Icon
AI Security Posture Management (AI-SPM)
Platform - AppSec Vulnerability Management Icon
AppSec Vulnerability Management
Integrations
Why Legit
Why Legit - Customers Icon
Customers
Resources
Resources - Blog Icon
Blog
Resources - Resource Library Icon
Resource Library
Resources - Open Source with Legitify Icon
Open Source w/ Legitify
Resources - Events Icon
Events
Company - About Legit Icon 2
ASPM Knowledge Base
Company
Company - Partners Icon
Partners
Company - About Legit Icon 2
About Legit
Company - Press Releases Icon 1
Press Releases
Company - In the News Icon
In the News
Company - Careers Icon
Careers
image of blog Nadav Noy

Nadav Noy

Showing all posts by Nadav Noy

The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets.
AppSec Legit Threats SCMs

Azure Devops Zero-Click CI/CD Vulnerability

January 31, 2024

The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets.

Read More
Legit Security | Uncovering 'AIJacking': How Attackers Exploit Hugging Face for AI Supply Chain Attacks - A Deep Dive into Vulnerabilities and Risks.
Legit Threats

Legit Discovers "AI Jacking" Vulnerability in Popular Hugging Face AI Platform

October 24, 2023

Uncovering 'AIJacking': How Attackers Exploit Hugging Face for AI Supply Chain Attacks - A Deep Dive into Vulnerabilities and Risks.

Read More
Explore the security risks of generative AI, including code opacity and embedding concerns, in the evolving landscape of AI and LLMs.
Threats

Top Risks of Ignoring AI Code in Your Organization & LLM Embedding

October 10, 2023

Explore the security risks of generative AI, including code opacity and embedding concerns, in the evolving landscape of AI and LLMs.

Read More
Legit Security | Explore Legit Security's revolutionary AI application security, risks, and solutions in our blog.
Explainers Legit

Securing AI-Generated Code

September 18, 2023

Explore Legit Security's revolutionary AI application security, risks, and solutions in our blog.

Read More
Legit Security | Learn how the use of Large Language Models (LLMs) like OpenAI's GPT and Google's Bard can create security risks in your applications.
Best Practices AppSec Threats

Emerging Risks with Embedded LLM in Applications

August 02, 2023

Learn how the use of Large Language Models (LLMs) like OpenAI's GPT and Google's Bard can create security risks in your applications.

Read More
Legit Security | CI/CD automates software development, while self-hosted runners enable general customization. SaaS platforms provide limited control.
DevOps Explainers

Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Runners

July 26, 2023

CI/CD automates software development, while self-hosted runners enable general customization. SaaS platforms provide limited control.

Read More
Legit Security | 3CX, an international VoIP IPBX software, experienced software supply chain attack. We detail what occurred, and how it can be prevented.
Explainers AppSec Threats

Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users

March 31, 2023

3CX, an international VoIP IPBX software, experienced software supply chain attack. We detail what occurred, and how it can be prevented.

Read More
Legit Security | Our team has found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code in a pipeline.
Threats

Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack

March 30, 2023

Our team has found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code in a pipeline.

Read More
See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.
Best Practices Legit Threats

How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack

January 04, 2023

See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.

Read More
On Oct 7th, Toyota announced a possible data leakage incident. The compromised data contained 296,019 customers' private information, including customers' personal email addresses.
Threats

Toyota Customer Data Leaked Due To Software Supply Chain Attack

October 12, 2022

On Oct 7th, Toyota announced a possible data leakage incident. The compromised data contained 296,019 customers' private information, including customers' personal email addresses.

Read More
On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The installer was compromised using a supply chain attack on the Comm100 development pipeline.
Threats

Software Supply Chain Attack Leads to Trojanized Comm100 Installer

October 03, 2022

On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The installer was compromised using a supply chain attack on the Comm100 development pipeline.

Read More

Request a Demo

Request a demo including the option to analyze your own software supply chain.

Request a Demo