Bleeping Computer

Supply chain attack on popular GitHub Action exposes CI/CD secrets

As first reported by StepSecurity, attackers added a malicious commit to the tool on March 14, 2025, at 4:00 PM UTC, that dumped CI/CD secrets from the Runner Worker process to the repository of any ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
InfoWorld

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...
TechCrunch

GitHub gets a CI/CD service

Microsoft’s GitHub today launched the beta of a new version of GitHub Actions with full continuous integration and delivery (CI/CD) capabilities built right into the service. General availability is ...
TheServerSide

Jenkins GitHub Integration for CI/CD Pipelines example

The ability of Jenkins to pull code from GitHub The ability of GitHub to trigger Jenkins build jobs The first feature, namely the ability to pull code from GitHub is made possible through the Jenkins ...