Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain

📅 19 May 2026 at 15:11 UTC📰 Cyber Security NewsView original source ↗

A widely used GitHub Action called actions-cool/issues-helper has been compromised, with every version tag in the repository silently redirected to a malicious commit. The attack places stolen CI/CD pipeline credentials directly in the hands of an attacker, raising serious concerns for development teams around the world that rely on this action in their automated workflows. […] The post Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain appeared first on Cyber Security News.

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed