Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets
codfish/semantic-release-action was compromised on June 24, 2026. Attackers repointed v2–v5 tags to a Miasma credential-stealing payload targeting CI/CD secrets. Here's what happened and how to check…
Read the full articleYou might also wanna read
Miasma supply-chain attack targets AI coding assistants, forcing GitHub to disable 73 repositories
GitHub disabled 73 repositories across four Microsoft organizations on June 5 after the self-replicating supply-chain campaign known as Mias
Trivy GitHub Actions Compromised in Supply Chain Attack, Exposing CI/CD Secrets
Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.
GitHub disables 73 Microsoft repositories after detecting Miasma worm supply chain attack
Miasma worm shapeshifts, but cloud secret-scouting remains the goal
Malicious 'Miasma' Framework Compromises 32 Red Hat npm Packages in Supply Chain Attack
TeamPCP released Mini Shai-Hulud malware source code on GitHub, enabling rapid creation of variants targeting developer workstations and CI/

Supply Chain Attack via Malicious Commit Hits 73 Microsoft GitHub Repositories
GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a

Supply Chain Attack via Malicious Commit Hits 73 Microsoft GitHub Repositories
GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a
GitHub Disables 73 Microsoft Repositories After Miasma Worm Attack
On June 5, GitHub disabled 73 Microsoft-owned repositories after Miasma infiltrated projects across Azure, Azure-Samples, Microsoft, and Mic

Comments
Sign in to join the conversation.
No comments yet. Be the first.