Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
SMEChannels

Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository

The discovery involves a vulnerable GitHub workflow, within the Windows-driver-samples repository. Tenable Research has ...
CSOonline

Supply chain compromise of Ultralytics AI library results in trojanized versions

Attackers exploited a script injection vulnerability via GitHub Actions to inject malicious code during the automated build process, poisoning the resulting packages of the popular Python library.
CSOonline

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...