This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- China-linked snoops have been exploiting Dell 0-day since mid-2024, using ‘ghost NICs’ to avoid detection
February 17, 2026
China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It’s all part of a long-running effort to backdoor infected machines for long-term access, according to Google’s Mandiant incident response team. The US government and Google first warned about this campaign last year after detecting Brickstorm ...
- Critical Vulnerabilities in Ivanti EPMM Exploited
February 17, 2026
Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting enterprise mobile fleets and corporate networks. These vulnerabilities allow unauthenticated attackers to remotely execute arbitrary code on target servers, granting them full control over mobile device management (MDM) infrastructure without requiring user interaction or credentials. Read ...
- Indian pharmacy chain giant exposed customer data and internal systems
February 17, 2026
A major Indian pharmacy chain operated a flawed platform which exposed highly sensitive data of millions of users, experts have warned. DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare, currently runs more than 2,300 stores across the country – however, its platform was bugged in a way that allowed unauthenticated users to create “super admin” ...
- Google patches first Chrome zero-day of the year
February 16, 2026
Google has patched a high-severity vulnerability in the Chrome browser which was apparently being used as a zero-day in the wild. In a security advisory, Google said it addressed CVE-2026-2441, a “use after free in CSS in Google Chrome prior to 145.0.7632.75”. This bug, given a severity score of 8.3/10 (high), allows threat actors to execute ...
- EU Parliament blocks AI tools over cyber, privacy fears
February 16, 2026
he European Parliament has disabled AI features on the work devices of lawmakers and their staff over cybersecurity and data protection concerns, according to an internal email seen by POLITICO. The chamber emailed its members on Monday to say it had disabled “built-in artificial intelligence features” on corporate tablets after its IT department assessed it couldn’t ...
- CVE-2024-43468: Attackers exploiting critical Microsoft bug from 2024
February 13, 2026
According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack. CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the ...