URL has been copied successfully!
Compromised GitHub Action Steals Workflow Credentials
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Compromised GitHub Action Steals Workflow Credentials


Tags: , , , ,

A widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commit history, the attacker moved all release tags to an “imposter commit” identified as 1c9e803, which does […] The post Compromised GitHub Action Steals Workflow Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/compromised-github-action/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework
  2. Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
  3. Shai-Hulud & Co.: The software supply chain as Achilles’ heel
  4. Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials