VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

GitHub Actions tags redirected to imposter commits — CI/CD credentials exfiltrated

Теги GitHub Actions перенаправлены на импостер‑коммиты — похищают CI/CD учётные данные

Colleagues, I’d like to highlight a cybersecurity incident: the GitHub Action actions-cool/issues-helper has been compromised. StepSecurity found that all tags point to imposter commits containing malicious code that downloads Bun, reads Runner.Worker memory to extract credentials, and exfiltrates them to t.m-kosche[.]com. Fifteen tags of actions-cool/maintain-one-comment are also compromised; GitHub has disabled access. Only workflows pinned to the full SHA remain safe. Why this matters: attackers gain code execution in CI/CD, steal credentials, and threaten the software supply chain. Do you pin actions to full SHAs or plan alternative mitigations? #cybersecurity #supplychain #CI_CD #GitHubActions

Latest comments

No comments yet.