TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

By rooter

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.

“Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit history,

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

rooter
Cyber Security

Chinese, N. Korean Threat Groups Build on Asia-Pacific Success

rooter
Cyber Security

CISA Rewrites Federal Patching Requirements for AI Threat Era

rooter

Leave a Reply

You Missed

News

Deezer launches an AI music detector for other streaming services

News

JDY Botnet Evolves After KV Takedown, Targets Military Networks

News

Anthropic Apologizes For One of the Guardrails on Its Fable 5 Model, and Will Change It

Cyber Security

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks