Skip to content
The Nexus
SECURITYMay 19 · 05:28 UTCTHE HACKER NEWS[email protected] (The Hacker News)

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

Threat actors have compromised the GitHub Actions workflow actions-cool/issues-helper to steal sensitive credentials. The attack redirects existing tags to an imposter commit, exfiltrating credentials to an attacker-controlled server. This is a software supply chain attack targeting GitHub users.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this