InfoQ

AWS Lambda Adds Support for GitHub Actions

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Hosted on MSN

Cyber-Attack Campaign GhostAction Targets GitHub Workflows

Security investigators uncovered a sweeping campaign named GhostAction supply chain campaign that compromised 327 GitHub user accounts across 817 repositories on 5 September 2025. Attackers inserted ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...
Dark Reading

10 Major GitHub Risk Vectors Hidden in Plain Sight

Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Attack surface: Using mutable ...