Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
CSOonline

Researchers demo new CI/CD attack techniques in PyTorch supply-chain

The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...
Hosted on MSN

Cyber-Attack Campaign GhostAction Targets GitHub Workflows

Security investigators uncovered a sweeping campaign named GhostAction supply chain campaign that compromised 327 GitHub user accounts across 817 repositories on 5 September 2025. Attackers inserted ...
InfoWorld

What is GitHub Actions? Automated CI/CD for GitHub

GitHub Actions is a platform built into GitHub that automates software building, testing, and deployment. GitHub, owned by Microsoft, is a hosting service for software development using Git, an open ...
WinBuzzer

GitHub Postpones Self-Hosted Action Runner Fees Following Community Revolt

GitHub has indefinitely postponed its controversial $0.002/minute fee for self-hosted Actions runners after intense backlash, ...