Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
InfoQ

GitHub Actions Custom Runner Images Reach General Availability

GitHub has just announced the availability of custom images for its hosted runners. They've finally left the public preview ...
CSOonline

Supply chain compromise of Ultralytics AI library results in trojanized versions

Attackers exploited a script injection vulnerability via GitHub Actions to inject malicious code during the automated build process, poisoning the resulting packages of the popular Python library.