Article
The Advisory Told You to Update. It Didn't Tell You What's Already Running.
Patching the advisory isn't enough. If your CI pipeline ran during the compromise window, the compromised code is baked into your container images and still running. Here's how to find it.