InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open ...
Dark Reading

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Researchers have uncovered an attack vector that affected GitHub open source projects owned by Google, Microsoft, Amazon Web Services, and others, executed by abusing artifacts generated as part of ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
InfoWorld

AI in CI/CD pipelines can be tricked into behaving badly

Malicious content in issues or pull requests can trick AI agents in CI/CD workflows into running privileged commands in an ...
CSOonline

GitHub Actions typosquatting: A high-impact supply chain attack-in-waiting

Developers who mistype names and owners of GitHub Actions expose their repositories and accounts to malicious code execution, with significant software supply chain implications, researchers have ...