CSOonline

Researchers demo new CI/CD attack techniques in PyTorch supply-chain

The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...
Bleeping Computer

Supply chain attack on popular GitHub Action exposes CI/CD secrets

The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit and take actions based on those ...