Posts Tagged "GitHub Actions"

Your CI Pipeline Is the Attack Surface. GitHub's Defaults Made It That Way.

tj-actions hit 23,000 repos. nx exfiltrated 5,000. elementary-data went from a comment by a two-day-old account to a malicious PyPI wheel in ten minutes. Different payloads, same five GitHub Actions defaults. Here's the chain - annotated.
