Bleeping Computer

Supply chain attack on popular GitHub Action exposes CI/CD secrets

As first reported by StepSecurity, attackers added a malicious commit to the tool on March 14, 2025, at 4:00 PM UTC, that dumped CI/CD secrets from the Runner Worker process to the repository of any ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
TechCrunch

GitHub gets a CI/CD service

Microsoft’s GitHub today launched the beta of a new version of GitHub Actions with full continuous integration and delivery (CI/CD) capabilities built right into the service. General availability is ...
InfoWorld

What is GitHub Actions? Automated CI/CD for GitHub

GitHub Actions is a platform built into GitHub that automates software building, testing, and deployment. GitHub, owned by Microsoft, is a hosting service for software development using Git, an open ...
CSO Online

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
InfoQ

GitHub Launches Actions-Powered CI/CD Service, Free for Public Repos

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. This article dives into the happens-before ...