TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

By rooter

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.

“Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit history,

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Why Your Clients’ Routers Are Now a National Security Conversation

rooter
Cyber Security

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

rooter
Cyber Security

Microsoft Exchange Zero-Day Under Attack, No Patch Available

rooter

Leave a Reply

You Missed

Cyber Security

Why Your Clients’ Routers Are Now a National Security Conversation

Cyber Security

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

Cyber Security

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

News

‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub