Guillaume Valadon
guedou.bsky.social
A geek. What else?
https://my.geekstory.net
Reposted by Guillaume Valadon
- NoisyBear APT turns out to be a phishing test
- Qantas cuts executive pay by 15% after breach
- First AI-driven ransomware was just an academic project
- Nepal blocks 26 social media sites
- New GhostAction supply chain attack

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS475/
September 8, 2025 at 8:36 AM
Reposted by Guillaume Valadon
CanSecWest2025_newtype (secwest.net) presentation: Fresh Secrets From The Docks - Lessons Learnt from Analyzing 15 millions Public DockerHub Images - Guillaume Valadon (@guedou.bsky.social) - Do you know what *your* blobs are leaking?
secwest.net - information nexus connector
CanSecWest2025_newtype LLM Safety and Information Security (April 24/25 2025)
March 18, 2025 at 5:06 PM
Reposted by Guillaume Valadon
Coming soon to newsstands, cooked up by @guedou.bsky.social and the community
December 13, 2024 at 12:29 PM
We found the deleted payload used in the Ultralytics supply chain attack from last week!

TLDR: it dumps the GitHub runner memory and exfiltrates both AccessToken and CacheServerUrl

blog.gitguardian.com/the-ultralyt...
The Ultralytics Supply Chain Attack: Connecting the Dots with GitGuardian’s Public Monitoring Data
On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. Th...
December 11, 2024 at 1:16 PM