The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
Prisma Clud
SEPTEMBER 14, 2023
Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research. The payload tries to steal secrets or create a reverse shell, whether running in pipelines or production environments. Is the GITHUB_TOKEN as accessible as other secrets? We’ll soon find out.
Let's personalize your content