This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Age verification vendor Persona left frontend exposed
February 20, 2026
Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short while ago we reported that Discord will limit profiles to teen-appropriate mode until you verify your age. ...
- ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
February 20, 2026
Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters. On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees’ Social Security numbers and other private details. The extortionists set a February 23 deadline ...
- Ukrainian gets five years for helping North Koreans secure US tech jobs
February 20, 2026
Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment. The 29-year-old played a role in supporting individuals working for a hostile regime to get contracts in the US. In November 2025, Didenko pleaded guilty to wire fraud and ...
- FBI: Increase in malware enabled ATM jackpotting incidents across United States
February 19, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction. The FBI has observed an increase in ATM jackpotting incidents across the ...
- AI-generated passwords are a security risk
February 19, 2026
Using Artificial Intelligence (AI) to generate your passwords is a bad idea. It’s likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords (words, phrases, patterns) with automated tools until one of them works, instead of ...
- Arkanix Stealer: C++ and Python infostealer
February 19, 2026
In October 2025, Kaspersky researchers discovered a series of forum posts advertising a previously unknown stealer, dubbed “Arkanix Stealer” by its authors. It operated under a MaaS (malware-as-a-service) model, providing users not only with the implant but also with access to a control panel featuring configurable payloads and statistics. The set of implants included a publicly ...