Skip to main content

Tag: imposter commits

1 article

Blurred computer terminal surrounded by development notes and empty coffee cups in a brightly-lit coding environment.

GitHub Actions Supply Chain Attack Exfiltrates CI/CD Credentials

A sneaky supply chain attack on GitHub Actions has led to the theft of CI/CD credentials, with hackers using a clever trick to redirect tags to fake commits that hide malicious code. By masquerading as legitimate commits, attackers were able to execute arbitrary code and evade pull request reviews.

Analyst 207