Fake GitHub CI Update Steals Secrets and Tokens

An automated campaign is abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI configuration updates to trick maintainers. The campaign hinges on a risky but still common misconfiguration: using pull_request_target while checking out untrusted code from forks. […]

First seen on gbhackers.com

Jump to article: gbhackers.com/fake-github-ci/
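
A defensive audit for the misconfiguration named in the summary, added here as an example and not taken from the article or from GitHub: a standard-library Python heuristic that flags workflows combining pull_request_target with an actions/checkout of the pull request head. The sample workflows, the function name audit_workflow and the regexes are constructed for illustration, and the check is line-based rather than a full YAML parser.

```python
import re

# Constructed sample: privileged trigger plus a checkout of the fork's head commit.
RISKY = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
        env:
          API_TOKEN: ${{ secrets.API_TOKEN }}
"""
# Constructed: the same job on the pull_request trigger, which withholds secrets from fork PRs.
SAFER = RISKY.replace("pull_request_target", "pull_request")
# Constructed: pull_request_target kept, but checkout left at its default (the base repository).
BASE_ONLY = RISKY.replace(
    "        with:\n          ref: ${{ github.event.pull_request.head.sha }}\n", "")

# Checkout inputs that resolve to code supplied by the pull request author.
PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(sha|ref|repo\.)|refs/pull/")

def audit_workflow(text):
    """Return [(line_no, line)] for checkout inputs that fetch PR-head code in a
    workflow triggered by pull_request_target. Heuristic: assumes `uses:` comes
    before `with:` in a step; it is not a YAML parser."""
    lines = [re.sub(r"(^|\s)#.*$", "", l) for l in text.splitlines()]
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []
    findings, in_checkout = [], False
    for no, line in enumerate(lines, 1):
        if re.match(r"\s*-\s", line):      # a new list item starts a new step
            in_checkout = False
        if re.search(r"\buses\s*:\s*['\"]?actions/checkout@", line):
            in_checkout = True
        elif (in_checkout and re.match(r"\s*(ref|repository)\s*:", line)
              and PR_HEAD.search(line)):
            findings.append((no, line.strip()))
    return findings

if __name__ == "__main__":
    for name, wf in (("RISKY", RISKY), ("SAFER", SAFER), ("BASE_ONLY", BASE_ONLY)):
        print(name, audit_workflow(wf) or "no finding")
```

A finding means fork-supplied code is checked out inside a run that has access to repository secrets; an empty result only means this particular pattern was not seen.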
