This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Supply chain attack on eScan antivirus: detecting and remediating malicious updates
January 29, 2026
On January 20, a supply chain attack has occurred, with the infected software being the eScan antivirus developed by an Indian company MicroWorld Technologies. The previously unknown malware was distributed through the eScan update server. The same day, our security solutions detected and prevented cyberattacks involving this malware. On January 21, having been informed by Morphisec, ...
- Microsoft Office zero-day lets malicious documents slip past security checks
January 29, 2026
Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files. Microsoft pushed the emergency patch for the zero‑day, tracked as CVE-2026-21509, and classified it as a “Microsoft Office Security Feature Bypass Vulnerability” with a CVSS score ...
- CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858
January 28, 2026
Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer, if FortiCloud single sign on (SSO) is ...
- SoundCloud data breach hit 29.8 million accounts
January 28, 2026
TechRadar now have confirmation exactly how many people were affected by the December 2025 breach at SoundCloud, as well as how users can check if they are affected. In mid-December 2025, SoundCloud confirmed suffering a cyberattack and losing sensitive data on about 20% of its user base – approximately 28 million people. The company did not ...
- No Agency Is Too Small
January 28, 2026
Back when nation-state threat actors were primarily targeting large government agencies, government contractors, and large companies, security through obscurity was a legitimate strategy. In years past, betting that attackers wouldn’t bother with smaller targets was a feasible way of operating. It’s feasible no longer. Hackers are better equipped than ever before, thanks in part to artificial ...
- HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
January 27, 2026
Over the past few years, we’ve been observing and monitoring the espionage activities of HoneyMyte (aka Mustang Panda or Bronze President) within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group’s campaigns were government entities. As an APT group, HoneyMyte uses a variety of sophisticated tools ...