
Nadav Noy

Showing all posts by Nadav Noy


Azure DevOps Zero-Click CI/CD Vulnerability

January 31, 2024

The Legit Security research team found and reported a zero-click vulnerability in Azure DevOps that allowed attackers to submit malicious code to a pipeline and access its secrets.


Legit Discovers "AI Jacking" Vulnerability in Popular Hugging Face AI Platform

October 24, 2023

Uncovering "AI Jacking": how attackers exploit Hugging Face for AI supply chain attacks, with a deep dive into the vulnerabilities and risks.


The Risks of Being Blind to AI in Your Own Organization

October 10, 2023

Uncover the security concerns in the era of AI and LLMs, delving into code opacity and application embedding risks.


Securing AI-Generated Code

September 18, 2023

Explore the application security risks introduced by AI-generated code and how Legit Security approaches securing it.


Emerging Risks with Embedded LLM in Applications

August 02, 2023

Learn how the use of Large Language Models (LLMs) like OpenAI's GPT and Google's Bard can create security risks in your applications.


Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Runners

July 26, 2023

CI/CD automates software delivery, and self-hosted runners give teams the customization that SaaS-hosted runners do not. That flexibility comes with risks the SaaS platforms do not expose, and this post explores them.


Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users

March 31, 2023

3CX, the vendor of an internationally used VoIP IPBX software product, suffered a software supply chain attack. We detail what occurred and how it could have been prevented.


Remote Code Execution Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack

March 30, 2023

Our team found a vulnerability in Azure Pipelines (CVE-2023-21553) that allows an attacker to execute malicious code inside a pipeline.


How to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack

January 04, 2023

See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.


Toyota Customer Data Leaked Due To Software Supply Chain Attack

October 12, 2022

On October 7th, Toyota announced a possible data leak. The compromised data contained the private information of 296,019 customers, including their personal email addresses.


Software Supply Chain Attack Leads to Trojanized Comm100 Installer

October 03, 2022

On September 29th, it was revealed that the installer for the widely used Comm100 Live Chat application had been trojanized. The installer was compromised through a supply chain attack on the Comm100 development pipeline.


5 Things You Need to Know About Application Security in DevOps

August 22, 2022

AppSec isn't always top of mind, but it should be, and here's why: five things you need to know about application security in DevOps.
