A widespread supply chain attack, dubbed 'GhostAction,' compromised hundreds of GitHub repositories by injecting malicious workflow files to exfiltrate over 3,325 CI/CD secrets, including publishing tokens and cloud credentials, which led to attempts to access AWS environments and database services. The campaign affected 327 developers across 817 repositories, impacting projects in multiple programming languages and entire SDK portfolios.
Latest mentioned: 09-08
Earliest mentioned: 09-06