This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- M&S: WFH staff locked out of systems amid cyber attack fallout
April 28, 2025
M&S has shut remote-working employees out of some of its IT systems as it struggles to recover from the fallout of a cyberattack last week. The high street giant closed some of the programmes that staff use to log into the internal IT systems when working outside of the office, The Times reported. Cybersecurity experts said ...
- Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
April 25, 2025
Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure abuse, and complex evasion techniques. This campaign poses a high business risk due to targeted espionage, ...
- Triada strikes back
April 25, 2025
Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the vulnerabilities were patched, and restrictions were added to the firmware. Specifically, system partitions in recent ...
- FBI Seeking Tips about PRC-Targeting of US Telecommunications
April 24, 2025
FBI is issuing this announcement to ask the public to report information about PRC-affiliated activity publicly tracked as “Salt Typhoon” and the compromise of multiple US telecommunications companies, especially information about specific individuals behind the campaign. Investigation into these actors and their activity revealed a broad and significant cyber campaign to leverage access into these ...
- Commvault Releases Security Updates for Command Center
April 24, 2025
Commvault has released a security advisory to address a critical vulnerability in its Command Center Platform. Command Center is Commvault’s all-in-one solution for managing Commvault services within a corporate environment. CVE-2025-34028 is a path traversal vulnerability with a CVSSv3 base score of 10.0, and if exploited could allow an unauthenticated attacker to upload ZIP files. The ...
- Android malware turns phones into malicious tap-to-pay machines
April 24, 2025
Got an Android phone? Got a tap-to-pay card? Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into malicious tap machines that ...