Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain
Source: Cybersecuritynews
Published:
<p>A widely used GitHub Action called actions-cool/issues-helper has been compromised, with every version tag in the repository silently redirected to a malicious commit. The attack places stolen CI/CD pipeline credentials directly in the hands of an attacker, raising serious concerns for developmen