Techzine Europe

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to so-called "Comment and Control" attacks. These are Claude Code ...
Bleeping Computer

GitHub Actions being actively abused to mine cryptocurrency on GitHub servers

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. GitHub Actions is a CI/CD solution that makes it easy to setup periodic tasks ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...
heise online

Zig turns its back on GitHub: Frustration over Actions and Microsoft's AI course

The programming language Zig is leaving GitHub after ten years. The reason is problems with GitHub Actions, chaotic job scheduling, and Microsoft's AI direction. The programming language Zig is ...
CSOonline

GitHub Actions typosquatting: A high-impact supply chain attack-in-waiting

Developers who mistype names and owners of GitHub Actions expose their repositories and accounts to malicious code execution, with significant software supply chain implications, researchers have ...