


Modern software delivery depends on CI/CD pipelines that move fast, trust automation, and touch virtually every sensitive asset in an organization — source code, cloud credentials, signing certificates, deployment keys, and more. That combination of broad access and low scrutiny has made pipelines one of the most attractive targets in the attacker playbook. This episode of Cybersecurity draws on the 8-minute deep-dive on CI/CD pipeline hijacking detection and prevention to map out how these attacks unfold and what defenders can do about it.
The episode walks through the full attack surface — from the first malicious commit to a poisoned production deployment — and explains why a successful pipeline hijack isn't just a breach but a potential supply chain catastrophe. Here's what's covered:
Whether you're a developer, a platform engineer, or a security practitioner, the core message is the same: the CI/CD pipeline is no longer just a productivity tool — it's critical security infrastructure that deserves the same scrutiny as anything else in your stack. For more from this show on related infrastructure-level threats, listen to BGP Hijacking: How Internet Routing Gets Weaponized.
By Eric Lamanna