Legit Security Blog

Software Supply Chain Risks: What Every CISO Needs to Know

As software technology evolves, it’s being continuously integrated into nearly every aspect of business processes. And while this has given many businesses new tools to make their daily lives much easier and more efficient, it has also highlighted...

Why You Can Still Get Hacked Even After Signing Your Software Artifacts

Malicious actors are poisoning your artifacts in an attempt to infect your software supply chain so that you deploy those compromised (i.e. poisoned)...

New Software Supply Chain Attack Installs Trojans on Adobe's Magento E-Commerce Platform

A popular vendor of Magento-WordPress plug-ins/integrations with over 200,000 downloads has been hacked. This recent attack is a reminder that...

8 Best Practices in Cyber Supply Chain Risk Management to Stay Safe

In this blog post, we'll discuss how every business faces four different types of threats to their software supply chains. Use these 8 best practices...

Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code

Code reviews are an essential security guardrail, but GitHub's required-reviewer settings might be giving you a false sense of security – they...

Google & Apache Found Vulnerable to GitHub Environment Injection

In this blog post, we'll discuss a new type of GitHub Actions workflow vulnerability we called "GitHub Environment Injection". We've found a couple of

10 Agile Software Development Security Concerns You Need to Know

Agile software development is a type of methodology that centers around the core principle of flexibility. Agile development methods recognize that a...

LastPass Software Supply Chain Attack: What Happened and Tips to Protect Against Similar Attacks

LastPass, one of the world's largest password managers with 25 million users, disclosed that an unauthorized party had gained access to portions of...

5 Things You Need to Know About Application Security in DevOps

Application Security (AppSec) is the process of identifying, testing, and fixing security flaws in an application. It’s not so much about a singular...

Breaking News: How a Massive Malware Attack Almost Occurred on GitHub

Earlier today, Stephen Lacy published a Twitter post about a massive attack attempt on GitHub. This attack attempt is a huge deal, but fortunately it...
