CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...
Computing

GitHub supply-chain attack threatens 23,000 organisations

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen. GitAub Actions is a CI/CD platform that automates code testing and deployment.
Dark Reading

Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines

An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code.
WinBuzzer

GitHub Actions Called ‘Internet Explorer of CI’ in Scathing Critique

A former CircleCI employee has called GitHub Actions 'the Internet Explorer of CI,' revealing systemic issues costing engineering teams up to 20% of weekly productivity.