1. GitHub Actions Workflows Exploited in Supply Chain Attacks Targeting Secrets Exfiltration
A new attack pattern targeting the open source supply chain has emerged over the past year, with attackers systematically exploiting GitHub Actions workflows to exfiltrate secrets such as API keys. These compromises serve a dual purpose: enabling attackers to publish malicious packages from controlled infrastructure wh...