News

TechCrunch6y
GitHub launches Actions, its workflow automation tool
Today, the company, which is in the process of being acquired by Microsoft, is taking a step in a different but related direction by launching GitHub Actions. Actions allow developers to not just ...
Yahoo Finance3y
Legit Security Discovers GitHub Privilege Escalation Vulnerabilities and Warns Organizations of Potential Software Supply Chain Attacks
today announced the responsible disclosure of recently found GitHub-Actions pipeline privilege escalation vulnerabilities. These vulnerabilities open the door to software supply chain attacks ...
Infosecurity-magazine.com2mon
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub ... specifically its open-source agentkit GitHub project. The attackers attempted to exploit the project's ...
heise online2mon
Attack via GitHub action tool spied out secrets and stored them in log file
Anyone using the tool in their GitHub action pipeline should therefore always check the build logs for suspicious content. If double Base64-encoded sections are found in the logs, not only should ...
Yahoo Finance1y
StepSecurity Launches GitHub Actions Security Platform to Address Escalating CI/CD Pipeline Risks
SEATTLE , Aug. 8, 2023 /PRNewswire/ -- StepSecurity, a leader in CI/CD Security, has announced the launch of its GitHub Actions Security Platform to counter escalating cyber threats targeting CI ...