GitHub has released actions/checkout v7, introducing a critical security enforcement that blocks one of the most exploited vulnerability patterns in CI/CD pipelines, the “pwn request.” The update, generally available as of June 18, 2026, targets misconfigured pull_request_target workflows that have historically enabled attackers to execute malicious code with elevated repository privileges. The pull_request_target event executes workflows with the base repository’s GITHUB_TOKEN, […]
The post GitHub Actions Checkout Update Blocks Malicious pull_request_target Workflows appeared first on Cyber Security News.