▶ VIDEO Security Weekly - A CRA Resource

Your CI Pipeline Becomes the Attack

A compromised CI/CD pipeline transforms into a remote code execution vector whenever an attacker modifies a workflow or bypasses pinned dependencies. The transcript highlights that CI/CD systems effectively function as YAML files executing arbitrary bash scripts on third-party runners, often containing injected secrets via OpenID Connect or vaults. Once code executes in memory, attackers can dump that memory to pivot and gain full control, rendering security pinning ineffective against workflow modification. This architecture turns the build process into a direct entry point for total system compromise.

▶ VIDEO Black Hat

Black Hat Europe 2025 | Millions of Intranet Devices Are Facing Silent Takeover (On-Demand Only)

Researchers from Nanjing University of Posts and Telecommunications and independent security expert Nick Hsieh have identified a novel attack model capable of silently taking over millions of intranet devices without requiring public IP exposure. This method exploits cloud-based management channels and authentication flaws in protocols like MQTT, HTTPS, and TCP/UDP to bypass traditional security patches and gain remote control over devices connected only to power and network cables. The attack targets the initial device registration phase where manufacturers often fail to validate serial numbers or restrict topic wildcards, allowing attackers to forge management commands and hijack sessions. This finding reveals that widespread reliance on cloud management creates a systemic vulnerability overlooked by current patching strategies, affecting both home and enterprise IoT ecosystems.