On April 2, 2026, security researchers uncovered a massive, automated attack campaign targeting GitHub repositories. The attacker, using the account “ezmtebo,” launched over 475 malicious pull requests (PRs) in just 26 hours. They aimed at both major organizations and small hobbyist projects. This aggressive tactic reminded experts of previous AI-driven attacks. However, recent findings show […] The post Fake CI Updates Fuel GitHub Actions Attack Chain Stealing Secrets and Tokens appeared first on Cyber Security News.