All news with #github actions tag

PyPI Invalidates Tokens Stolen in GhostAction Attack

🔐 The Python Software Foundation has invalidated PyPI publishing tokens that were exfiltrated during the early-September GhostAction supply chain attack. GitGuardian first reported malicious GitHub Actions workflows attempting to steal secrets, and PyPI found no evidence that the stolen tokens were used to publish malware. Affected maintainers were contacted and advised to rotate credentials and adopt short-lived Trusted Publishers tokens for GitHub Actions. PyPI also recommended reviewing account security history for suspicious activity.

GitHub Actions workflows abused in 'GhostAction' campaign

🔒 GitGuardian disclosed a campaign called "GhostAction" that tampers with GitHub Actions workflows to harvest and exfiltrate secrets to attacker-controlled domains. Attackers modified workflow files to enumerate repository secrets, hard-code them into malicious workflows, and forward credentials such as container registry and cloud provider keys. The researchers say 3,325 secrets from 327 users across 817 repositories were stolen, and they published IoCs while urging maintainers to review workflows, rotate exposed credentials, and tighten Actions controls.

GhostAction GitHub Supply Chain Attack Exposes 3,325 Secrets

🚨 A GitHub supply chain campaign dubbed GhostAction has exposed 3,325 secrets across multiple package ecosystems and repositories. GitGuardian says attackers abused compromised maintainer accounts to insert malicious GitHub Actions workflows that trigger on push or manual dispatch, read repository secrets, and exfiltrate them via HTTP POST to an external domain. Compromised credentials include PyPI, npm, DockerHub, Cloudflare, AWS keys and database credentials; vendors were notified and many repositories reverted the changes.