Cybersecurity researchers at Kaspersky have identified more than 250,000 potential security misconfigurations across GitHub ...
GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
Dany Lepage discusses the architectural ...
After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger ...
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
New release extends runtime policy enforcement, stopping software supply chain threats during build execution before ...
The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...