Home/Tag/Github Actions

Github Actions

5 articles tagged with "Github Actions"

Malware4 min read

Megalodon Attack Backdoors 5,561 GitHub Repos in Six Hours

Automated Megalodon campaign pushed 5,718 malicious commits to GitHub repos on May 18, injecting CI/CD workflows that exfiltrate cloud credentials, SSH keys, and secrets. SafeDep links it to TeamPCP.

James RiveraMay 23, 2026

Malware5 min read

TanStack npm Packages Backdoored in 6-Minute Supply Chain Blitz

TeamPCP compromised 84 versions across 42 TanStack packages on May 11 using GitHub Actions cache poisoning. The malware steals CI/CD credentials and includes a wiper that triggers on token revocation.

James RiveraMay 12, 2026

Malware4 min read

TeamPCP Hijacks Checkmarx KICS Using Stolen Trivy Tokens

Stolen CI credentials from Trivy breach enabled TeamPCP to compromise Checkmarx KICS GitHub Actions, poisoning all 35 version tags with credential-stealing malware in four-hour window.

James RiveraMar 25, 2026

Malware3 min read

Trivy Scanner Breach Spawns CanisterWorm Across 47 npm Packages

TeamPCP threat actors hijacked Aqua Security's Trivy vulnerability scanner, compromising 75 GitHub Action tags and spreading credential-stealing malware to 47 npm packages via blockchain C2.

James RiveraMar 22, 2026

Vulnerabilities4 min read

OpenLIT GitHub Actions Flaw Exposes API Keys, Cloud Credentials

CVE-2026-27941 (CVSS 9.9) lets attackers execute code via pull requests to OpenLIT, stealing GITHUB_TOKEN and cloud secrets. Patch to 1.37.1 now.

Marcus ChenFeb 26, 2026