This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
March 28, 2025
Water Gamayun, a suspected Russian threat actor also known as EncryptHub and Larva-208, has been exploiting the MSC EvilTwin (CVE-2025-26633), a zero-day vulnerability that was patched on March 11. In the first installment of this two-part series, Trend Research discussed in depth its discovery of an Water Gamayun campaign exploiting this vulnerability. In this blog entry, ...
- Again and again, NSO Group’s customers keep getting their spyware operations caught
March 28, 2025
On Thursday, Amnesty International published a new report detailing attempted hacks against two Serbian journalists, allegedly carried out with NSO Group’s spyware Pegasus. The two journalists, who work for the Serbia-based Balkan Investigative Reporting Network (BIRN), received suspicious text messages including a link — basically a phishing attack, according to the nonprofit. In one case, Amnesty ...
- Mozilla Releases Security Updates for Firefox
March 28, 2025
Mozilla has released security updates to address one critical vulnerability in Firefox and Firefox ESR. Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in Firefox’s Inter-process Communication (IPC) code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. Exploitation ...
- Google Releases Security Updates for Chrome
March 28, 2025
Google has released Chrome version 134.0.6998.177/.178 to address a high severity vulnerability, reported as exploited in the wild. A remote attacker could exploit this vulnerability to escape a sandbox via a malicious file. Google is aware that an exploit for CVE-2025-2783 exists in the wild. Affected organisations are encouraged to review the Chrome Release 134.0.6998.177/.178 Stable ...
- Cyberattacks climbing across Caribbean
March 28, 2025
Ransomware gangs FOG and Akira continue to be the main culprits behind a number of recent cyberattacks plaguing businesses locally and across the Caribbean, a cyber-security expert has indicated. According to Rory Ebanks, director of cybersecurity at Symptai Consulting Limited, the two ransomware gangs, which both emerged in the last three years, primarily exploit vulnerabilities in ...
- Security Update Released for CrushFTP
March 28, 2025
A vulnerability has been disclosed in CrushFTP, a file server supporting standard secure file transfer protocols, after being discovered by a security researcher. The vulnerability designated as CVE-2025-2825 is a critical ‘improper authentication’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated attacker to craft remote and unauthenticated HTTP requests to CrushFTP, ...