Bleeping Computer

Supply chain attack on popular GitHub Action exposes CI/CD secrets

The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit and take actions based on those ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
TheServerSide

Full GitHub Actions environment variables list for YAML build workflow scripts example

Community driven content discussing all aspects of software development from DevOps to design patterns. If a developer wants to build a workflow, shell script or build job of any merit, they’ll need ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
CSOonline

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...