This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Stellantis detects breach at third-party provider for North American customers
September 22, 2025
Stellantis detected unauthorized access to a third-party service provider’s platform that supports its North American customer service operations, the company said in a statement on Sunday. The automaker said the incident, which is under investigation, exposed only basic contact information and did not involve financial details or sensitive personal data. Stellantis did not specify how many ...
- Cyber-attack causes delays at Heathrow and other European airports
September 20, 2025
Heathrow is among several European airports hit by a cyber-attack affecting an electronic check-in and baggage system. The airport warned of possible delays due to a “technical issue” affecting software provided by Collins Aerospace to several airlines. Brussels Airport said a cyber-attack on Friday night meant passengers were being checked in and boarded manually, while Berlin’s ...
- WatchGuard warns users Firebox firewalls may have a critical issue
September 19, 2025
WatchGuard has fixed a critical-severity vulnerability affecting its Firebox firewalls and is urging users to apply the newly released patch without hesitation. In a security advisory, the company said it addressed an out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process, which “may allow a remote unauthenticated attacker to execute arbitrary code”. The vulnerability was ...
- CVE-2025-10035 – Critical unauthenticated RCE in GoAnywhere MFT
September 19, 2025
On September 18, 2025, Fortra published an advisory for CVE-2025-10035. This new vulnerability affects GoAnywhere MFT, an enterprise managed file transfer solution, and allows an attacker to achieve unauthenticated remote code execution. GoAnywhere MFT is a file transfer solution that has been exploited in-the-wild in the past. In 2023, CVE-2023-0669 was exploited in-the-wild as a zero-day, ...
- Threat landscape for industrial automation systems in Q2 2025
September 19, 2025
In Q2 2025, the percentage of ICS computers on which malicious objects were blocked decreased by 1.4 pp from the previous quarter to 20.5%. Compared to Q2 2024, the rate decreased by 3.0 pp. Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 11.2% in Northern Europe to 27.8% in Africa. ...
- How AI-Native Development Platforms Enable Fake Captcha Pages
September 19, 2025
Artificial intelligence has revolutionized web development, empowering even novice users to create professional-looking websites. Tools like Lovable enable anyone to build and host applications with little to no coding knowledge, while Netlify and Vercel position themselves as AI-native development platforms. However, cybercriminals are increasingly exploiting these services to create and host fake captcha challenge websites, which ...