This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.
This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume. This allows malicious actors with access to these artifacts the potential of compromising the services to which these secrets grant access.
Read more…
Source: Palo Alto Unit 42
Related:
- Israel: Dozens of actors fall victim to Iranian phishing attack
September 12, 2025
Dozens of Israeli actors have fallen victim to a phishing attack believed to originate from Iranian sources. According to a statement from the National Cyber Directorate, the actors were asked to submit filmed auditions and sensitive personal information—including photos of ID cards and passports—after receiving emails posing as a casting call for a new film by ...
- South Korea’s KT admits data breach
September 11, 2025
KT Corp has become the second South Korean mobile operator this year to report a cybersecurity breach to the country’s data protection authorities, with the operator confirming on Thursday that 5,561 customers may have had their subscriber data stolen by hackers. While the reported breach is nowhere near the magnitude of SK Telecom’s disastrous data breach, ...
- Attacker steals customer data from UK rail operator LNER during break-in at supplier
September 11, 2025
One of the UK’s largest rail operators, LNER, is the latest organization to spill user data via a third-party data breach.… It confirmed the incident on Wednesday, saying customer contact details and “some information about previous journeys” was accessed at a third-party supplier. London North Eastern Railway (LNER) did not name the third party responsible for ...
- France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks
September 11, 2025
French regional healthcare agencies have been targeted by cyber-attacks compromising the personal data of patients across the country. On September 8, the regional healthcare agencies (ARS) for three regions, Hauts-de-France (Upper France), Normandy and Pays de la Loire (Lower Loire), issued security alerts warning about recent cyber-attacks carried out against the servers hosting the identity ...
- AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks
September 10, 2025
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. AdaptixC2 is a recently identified, open-source post-exploitation and adversarial emulation framework made for penetration testers that threat actors are using in campaigns. Unlike many well-known C2 frameworks, AdaptixC2 has remained largely under the radar. There is limited public documentation available ...
- Patch Tuesday – September 2025
September 10, 2025
Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide (SUG) for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software (OSS) fixes published today as part of updates for Azure Linux ...