BeEF Project Compromise

A single pull request can expose secrets and compromise your pipeline. See how a real CI/CD attack unfolded—and how to stop it before it happens.

A Silent Supply Chain Compromise—One Pull Request Away

A single workflow change in the BeEF open-source project introduced a critical vulnerability that allows any GitHub user to execute arbitrary code and steal sensitive secrets, without approval. This proven attack path was found hiding in plain sight across modern CI/CD pipelines.

Why This Report Matters

Small CI/CD changes can have major consequences

What looks like a routine workflow update can create a direct path to code execution, secret theft, and repository compromise.

The risk is real and easy to overlook

This report examines a validated attack path that required no maintainer approval and only minimal attacker effort.

The lessons apply far beyond one project

This report analyzes a proven attack path rooted in a known CI/CD misconfiguration.

Key Insights

This attack didn’t require sophisticated tooling—just a pull request.

  • A “pwn request” vulnerability enabled arbitrary code execution in the CI pipeline
  • No privileges required—any GitHub user could trigger the exploit
  • Secrets, including GitHub tokens and third-party credentials, were immediately exposed
  • The compromised token enabled direct code changes, workflow manipulation, and release tampering

 

What You'll Learn

Understand how a routine workflow becomes a supply chain attack—and how to stop it.

  • How pull_request_target turns CI pipelines into attack surfaces
  • The exact mechanics of a “pwn request” exploit
  • How attackers move from untrusted code to trusted execution
  • What secrets are exposed—and how they’re weaponized
  • The fastest path to containment, hardening, and prevention

 

Copyright © 2026 NetRise, Inc. All Rights Reserved