GitHub 热门 Action 组件 tj-actions/branch-names 曝出高危命令注入漏洞（编号 CVE-2025-54416，CVSS 评分 9.1），影响超过 5000 个公开代码库 ...

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. GitHub Actions is a CI/CD solution that makes it easy to setup periodic tasks ...

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...

The tj-actions developers cannot pinpoint exactly how the attackers compromised a GitHub personal access token (PAT) used by a bot to perform malicious code changes. Today, Wiz researchers think they ...

Developers who mistype names and owners of GitHub Actions expose their repositories and accounts to malicious code execution, with significant software supply chain implications, researchers have ...