Cyber Defense Advisors

Critical GitHub Attack

This is serious:

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report.

[…]

CISA confirmed the vulnerability has been patched in version 46.0.1.

Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community.

 

Related Post

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.

Cyber News

BlackLock ransomware: What you need to know

What is the BlackLock ransomware? BlackLock is a relatively new ransomware group. First seen in March 2024, the ransomware operation

Cyber News

YouTube Game Cheats Spread Arcane Stealer Malware to

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking

Cyber News

Smashing Security podcast #409: Peeping perverts and FBI

In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric

Cyber News

Leave feedback about this

  • Quality
  • Price
  • Service
Choose Image