All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets

codfish/semantic-release-action was compromised on June 24, 2026. Attackers repointed v2–v5 tags to a Miasma credential-stealing payload targeting CI/CD secrets. Here's what happened and how to check…

Read the full article
16d ago

You might also wanna read

Miasma supply-chain attack targets AI coding assistants, forcing GitHub to disable 73 repositories

GitHub disabled 73 repositories across four Microsoft organizations on June 5 after the self-replicating supply-chain campaign known as Mias

jdsupra.com·1mo ago

Trivy GitHub Actions Compromised in Supply Chain Attack, Exposing CI/CD Secrets

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

socket.dev·3mo ago

GitHub disables 73 Microsoft repositories after detecting Miasma worm supply chain attack

Miasma worm shapeshifts, but cloud secret-scouting remains the goal

theregister.com·1mo ago

Malicious 'Miasma' Framework Compromises 32 Red Hat npm Packages in Supply Chain Attack

TeamPCP released Mini Shai-Hulud malware source code on GitHub, enabling rapid creation of variants targeting developer workstations and CI/

briefly.co·1mo ago

Supply Chain Attack via Malicious Commit Hits 73 Microsoft GitHub Repositories

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a

redmondmag.com·1mo ago

Supply Chain Attack via Malicious Commit Hits 73 Microsoft GitHub Repositories

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a

redmondmag.com·1mo ago

GitHub Disables 73 Microsoft Repositories After Miasma Worm Attack

On June 5, GitHub disabled 73 Microsoft-owned repositories after Miasma infiltrated projects across Azure, Azure-Samples, Microsoft, and Mic

briefly.co·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.