prt-scan: A 5-Phase GitHub Actions Credential Theft Campaign
A throwaway GitHub account submitted 219+ malicious pull requests in a single day, each carrying a 352-line payload that steals CI secrets, injects workflows, bypasses label gates, and scans /proc…
Read the full articleYou might also wanna read
How GitHub eliminated 20,000+ secret scanning alerts across 15,000 repositories in nine months
GitHub had 20,000+ secret scanning alerts across 15,000 repositories. Here's how we separated signal from noise and built remediation workfl
The case for GitHub Actions security after recent supply chain attacks
GitHub Actions workflows are vulnerable to pwn requests, script injection, and compromised credentials. Here's what's going wrong and what's
GitHub Actions workflows identified as common weak link in open source supply chain attacks
Anne Robinson would like a word with .github/workflows
Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr
Megalodon Attack: Malicious GitHub Actions Workflows Compromise Over 5,500 Open-Source Repositories
A forged commit. A workflow file disguised as a routine CI optimization. Within 6 hours, 5,561 GitHub repositories were backdoored. Cloud cr
Trivy GitHub Actions Compromised in Supply Chain Attack, Exposing CI/CD Secrets
Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.
Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware
Dozens of packages in the @redhat-cloud-services npm namespace were backdoored with credential-stealing malware aimed at Red Hat developers

Comments
Sign in to join the conversation.
No comments yet. Be the first.