In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.”Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit history,
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/05/github-actions-supply-chain-attack.html
