GitHub Actions is a tool tracked across 50 threat clusters and 137 intelligence report mentions on ThreatCluster. First observed November 11, 2025; most recent activity July 14, 2026.
The TeamPCP threat group has expanded its supply chain attack campaign, compromising the Microsoft DurableTask Python client with versions v1.4.1, v1.4.2, and v1.4.3 found to contain a credential-stealing worm. This…
A high-severity vulnerability (CVE-2026-12957) in Amazon Q Developer for Visual Studio Code allowed attackers to execute arbitrary code and steal AWS credentials by automatically loading malicious MCP server…
On March 24, 2026, two versions of the LiteLLM Python package (1.82.7 and 1.82.8) were compromised on PyPI, embedding credential-stealing payloads. The attack, linked to the TeamPCP threat actor, exploited a…
A malicious version of the Bitwarden CLI password manager was distributed via npm, affecting version 2026.4.0 for a brief window on April 22, 2026. The attack exploited a compromised GitHub Action in Bitwarden's CI/CD…
US officials suspect Iranian hackers have breached automatic tank gauge (ATG) systems at gas stations across multiple states. The attackers exploited unprotected internet-connected systems, allowing them to manipulate…
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named 'Copy Fail', allows unprivileged local users to gain root access on virtually all major Linux distributions released since 2017.…
A critical vulnerability in Google’s Gemini CLI, tracked as CVE-2026-12537, has been disclosed, enabling attackers to execute arbitrary code in CI/CD environments, particularly within GitHub Actions workflows. This flaw…
Checkmarx reported a malicious version of its Jenkins AST plugin was uploaded to the Jenkins Marketplace on May 9, 2026. This backdoored plugin, which affects security scans in Jenkins CI pipelines, poses a significant…
A critical flaw in Microsoft's Windows-driver-samples GitHub repository allowed for remote code execution (RCE) via issue submissions. The vulnerability, identified by Tenable, enabled attackers to inject arbitrary…
A critical supply chain vulnerability in Claude Code’s GitHub Actions, identified by security researcher Ryota K from GMO Flat Security, allows attackers to compromise any repository using Anthropic’s CI/CD workflow.…