CircleCI - The Stack

CircleCI hackers grabbed customer tokens and keys, CTO admits, amid warning on SaaS secrets

Infiltrators dodged antivirus, stole encryption keys from a running process

Edward Targett January 16, 2023

CircleCI warns users to "immediately rotate all secrets" amid credential abuse evidence

Updated January 6, 11:00 BST: CircleCI has updated its advisory which deserves revisiting. CircleCI is calling on customers to “immediately rotate any and all secrets” after a security incident. The breach appears to have occurred around December 21 and to have gone unnoticed over the Christmas period. Credentials stolen...

The Stack January 05, 2023

Security over the total application lifecycle: Understanding assets, threat models

Security over the total application lifecycle: Understanding assets, threat models

"In most cases, it’s easier and more efficient to have a pipeline run when a change is detected in a key component"

Michael Stahnke November 08, 2021

CircleCI hackers grabbed customer tokens and keys, CTO admits, amid warning on SaaS secrets

CircleCI warns users to "immediately rotate all secrets" amid credential abuse evidence

Security over the total application lifecycle: Understanding assets, threat models