GitHub has rolled out a significant security enhancement to GitHub Actions by updating actions/checkout to block unsafe workflows that abuse the pull_request_target event. The pull_request_target trigger is widely known as one of the most misused events because it runs with the base repository’s GITHUB_TOKEN, secrets, and default-branch cache access, even when the pull request comes from an untrusted fork. When maintainers check […]
The post GitHub Actions Checkout Update Blocks Workflows Triggered by Malicious pull_request_target appeared first on Cyber Security News.