Cyber Security

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,
Read More

Related Posts

Egnyte unveils Email Capture and AI features to unify fragmented data

Egnyte unveils Email Capture and AI features to unify f...

AI is drowning software maintainers in junk security reports

AI is drowning software maintainers in junk security re...

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo...

Public Instagram posts provide raw material for AI phishing campaigns

Public Instagram posts provide raw material for AI phis...

Babel Street targets AI-driven threats with new agentic investigation capabilities

Babel Street targets AI-driven threats with new agentic...

AI infrastructure is cracking under sovereignty demands

AI infrastructure is cracking under sovereignty demands