Tag

#GitHub Actions

6 stories taggedGitHub Actions.

Full-frame overhead view of a developer's dark desk, glowing keyboard, terminal windows on a monitor showing package installation progress with faint red warnin
Threat Intelligence

Trojanised AsyncAPI packages slip onto npm, hitting a library downloaded 2.25 million times a week

Attackers hijacked a GitHub build pipeline on 14 July to publish five poisoned versions of AsyncAPI tools, wiring in a stealthy info-stealer that talks to its operators over Ethereum and peer-to-peer networks.

4 min read
Threat Intelligence

Mini Shai-Hulud Worm Jumps to Go, Hits LeoPlatform and RStreams npm Packages

The self-propagating supply chain campaign tied to Miasma and Hades has spread again — abusing GitHub Actions workflows and now reaching Go modules.

2 min read
Vulnerabilities

Cordyceps Flaw Class Hands Attackers the Keys to 300+ GitHub Repos

A newly catalogued CI/CD weakness lets attackers hijack workflows at Microsoft, Google and Apache projects, researchers say.

2 min read
AI Security

One GitHub Issue Was Enough to Pwn Repos Running Claude Code Action

A bug in Anthropic's Claude Code GitHub Action turned issue triage into arbitrary code execution — including, briefly, against the action's own repo.

2 min read
Threat Intelligence

Megalodon Campaign Pushed 5,718 Malicious Commits Into GitHub Repos in Six Hours

An automated backdooring operation abused compromised GitHub credentials to silently inject base64-encoded bash payloads into CI/CD workflows across more than 5,500 public repositories on May 18.

2 min read
Threat Intelligence

Megalodon Campaign Plants Malicious Workflows in 5,561 GitHub Repos in Six Hours

Throwaway accounts pushed 5,718 commits forging build-bot identities to exfiltrate CI/CD secrets, researchers said.

2 min read
© 2026 Threat Vectr