The software supply chain recently suffered a sophisticated security breach involving the popular GitHub Action known as issues-helper. Security researchers discovered that this extensively used tool within the actions-cool organization was compromised when an attacker successfully manipulated its repository tags. Every existing release tag was systematically redirected to point toward imposter commits that do not […]
The post Malicious GitHub Action Steals Workflow Credentials In Supply Chain Attack appeared first on Cyber Security News.