Compromised GitHub Action Steals Workflow Credentials
Source: Gbhackers
Published:
<p>A widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commit history, the at