Security Research Blog
"Cybersecurity is a team sport"
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
Learn how a novel attack vector in GitHub Actions allows attackers to distribute malware across repositories using a technique that exploits the actions dependency tree and puts countless open-source projects and internal repositories at risk. Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research.
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
Learn how a novel attack vector in GitHub Actions allows attackers to distribute malware across repositories using a technique that exploits the actions dependency tree and puts countless open-source projects and internal repositories at risk. Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research.