This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- FBI: North Korean IT Worker Threats to U.S. Businesses
July 23, 2025
The Federal Bureau of Investigation (FBI) is providing an update to previously shared guidance regarding Democratic People’s Republic of Korea (North Korea) Information Technology (IT) workers to raise public awareness of the threat posed to U.S. businesses. North Korea is evading U.S. and U.N. sanctions by targeting private companies to illicitly generate substantial revenue for the ...
- Key figure behind XSS.IS forum arrested in Ukraine
July 23, 2025
A long-running investigation led by the French Police and Paris Prosecutor, in close cooperation with their Ukrainian counterpart and Europol, has led to the arrest of the suspected administrator of xss.is, one of the world’s most influential Russian-speaking cybercrime platforms. The forum, which had more than 50 000 registered users, served as a key marketplace for ...
- Cambodia: Authorities arrest over 3,000 suspects in nationwide online scam crackdown
July 23, 2025
The Secretariat of the Commission for Combating Online Scams (CCOS) presented the results of an operation to suppress online scam activities across the Kingdom of Cambodia yesterday. After CCOS’s initial meeting on June 27 and Prime Minister Hun Manet’s strict directive on July 15, the Unified Administrative Command in all 25 capital and provincial administrations took ...
- Hundreds of organizations breached by SharePoint mass-hacks
July 23, 2025
Security researchers say hackers have breached at least 400 organizations by exploiting a zero-day vulnerability in Microsoft SharePoint, signaling a sharp rise in the number of detected compromises since the bug was discovered last week. Eye Security, a Dutch cybersecurity firm that first identified the vulnerability in SharePoint, a popular server software that companies use to ...
- Q2 2025 Ransomware Trends Analysis: Boom and Bust
July 22, 2025
Q2 2025 features many of the threat actors Rapid7 observed in Q1, with the top four leak site post groups quite a ways out in front of the rest. Qilin leads the pack by some distance, with SafePay and Akira in second place, and Play in third position. Lynx and INC Ransom lead the charge in ...
- #StopRansomware: Interlock
July 22, 2025
Since September 2024, Interlock ransomware actors have impacted a wide range of businesses and critical infrastructure sectors in North America and Europe. These actors are opportunistic and financially motivated in nature and employ tactics to infiltrate and disrupt the victim’s ability to provide their essential services. Interlock actors leverage a double extortion model, in which they ...