SECURITYTHE HACKER NEWS
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
Threat actors have compromised the GitHub Actions workflow actions-cool/issues-helper to steal sensitive credentials. The attack redirects existing tags to an imposter commit, exfiltrating credentials to an attacker-controlled server. This is a software supply chain attack targeting GitHub users.