The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don’t perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifacts download scripts used by thousands of repositories that are vulnerable to this issue.
“We have discovered that when transferring artifacts between different workflows, there is a major risk for artifact poisoning — a technique in which attackers replace the content of a legitimate artifact with a modified malicious one and thereby initiate a supply chain attack,” researchers from supply chain security firm Legit Security said in an analysis of the issue.
More Stories
Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers
Renowned cybersecurity expert Troy Hunt falls victim to a phishing attack, resulting in the exposure of thousands of subscriber details,...
Stripe API Skimming Campaign Unveils New Techniques for Theft
A novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious...
Royal Mail Investigates Data Breach Affecting Supplier
A cyber threat actor has claimed to have leaked 144GB of data from Royal Mail users Read More
Gray Bots Surge as Generative AI Scraper Activity Increases
Gray bots surge as generative AI scraper activity increases, impacting web applications with millions of requests daily Read More
Bybit Heist Fuels Record Crypto-Theft Surge, Says CertiK
Hackers stole $1.67bn of cryptocurrencies in the first quarter of 2025, a 303% increase Read More
Rational Astrologies and Security
John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security...