The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
InfoWorld

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Many enterprises use GitHub Action Secrets to store and protect sensitive information such as credentials, API keys, and tokens used in CI/CD workflows. These private repositories are widely assumed ...

GitHub supply chain attack spills secrets from 23,000 projects

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.

Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware

Someone forgot to change compromised credentials ...
Developer Tech

GitHub brings agentic workflows to GitHub Actions

GitHub has released Agentic Workflows in public preview, bringing coding agents into GitHub Actions for automated engineering ...
Dark Reading

Supply Chain Worms in 2026: What Shai-Hulud Taught Attackers (And How to Prepare)

The Shai-Hulud 2.0 campaign exposed 33,185 unique secrets across 20,649 repositories scanned. Among the exposed credentials, 3,760 remained valid days after discovery. Here is why the next version ...