Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
17 articles

#GitHub Actions

All CosmicBytez Labs articles tagged #GitHub Actions, across news, security advisories, how-to guides, and projects.

  • NewsJun 26, 2026

    Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

    The Miasma supply chain malware family — an evolution of Mini Shai-Hulud and linked to the Hades worm — has compromised hundreds of npm packages, abused...

  • NewsJun 24, 2026

    Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

    Novee Security researchers have identified a critical exploitable CI/CD workflow pattern dubbed Cordyceps that enables attackers to hijack GitHub Actions...

  • NewsJun 24, 2026

    Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

    Security researchers have disclosed a class of exploitable flaws in CI/CD pipeline configurations that allow unauthenticated attackers to take full...

  • NewsJun 23, 2026

    GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

    GitHub released actions/checkout v7 on June 18, 2026, adding default protections that refuse to fetch fork PR code inside pull_request_target workflows —...

  • NewsletterJun 23, 2026

    June 23 Digest: FortiBleed, Klue/Salesforce Supply Chain, Squidbleed, GitHub Actions Fix

    A Russian IAB harvests 110M credentials from FortiGate firewalls; the Icarus group drains hundreds of Salesforce orgs via Klue OAuth tokens; a 29-year-old...

  • NewsletterMay 26, 2026

    May 26 Digest: SharePoint RCE, Megalodon CI/CD Blitz

    Microsoft patches a CVSS 8.8 SharePoint RCE; the Megalodon campaign poisons 5,561 GitHub repos in six hours; 7-Eleven's ShinyHunters breach hits 185,000; and a.

  • NewsletterMay 20, 2026

    May 20 Digest: Exchange Zero-Day, Verizon DBIR, GitHub

    A Microsoft Exchange zero-day is being exploited with no patch in sight; Verizon DBIR 2026 marks a landmark shift — vulnerability exploitation now...

  • NewsMay 19, 2026

    Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

    Threat actors have compromised the widely-used actions-cool/issues-helper GitHub Action, redirecting every existing tag to a malicious imposter commit...

  • SecurityMay 13, 2026

    CVE-2026-44246: nnU-Net Agentic Workflow Injection via GitHub Actions Issue Triage

    A high-severity agentic workflow injection vulnerability in nnU-Net's GitHub Actions issue triage workflow allows attackers to inject and execute...

  • NewsMay 1, 2026

    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

    A new supply chain attack campaign dubbed BufferZoneCorp has been observed using sleeper packages in RubyGems and Go module registries to push...

  • NewsApr 3, 2026

    Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

    The rebuilt Chainguard Factory platform adds deeper security automation designed to continuously reconcile open source artifacts across containers,...

  • HOWTOMar 27, 2026

    Container Security Scanning with Trivy: Images, IaC, and CI/CD

    Learn how to use Trivy to scan container images, Dockerfiles, Kubernetes manifests, and Terraform for vulnerabilities and misconfigurations — then...

  • NewsMar 23, 2026

    Trivy Supply Chain Attack Targets CI/CD Secrets

    The open-source Trivy security scanner was weaponized by threat actor TeamPCP in a supply chain attack that hijacked 75 release tags to deploy an...

  • NewsMar 22, 2026

    Trivy Vulnerability Scanner Breached to Push Infostealer

    The Trivy open-source vulnerability scanner was compromised in a supply chain attack by the threat group TeamPCP, which hijacked 75 release tags and...

  • NewsMar 20, 2026

    Trivy Security Scanner GitHub Actions Breached — 75 Tags

    Trivy, Aqua Security's widely used open-source vulnerability scanner, was compromised a second time in a month. Attackers hijacked 75 GitHub Actions tags...

  • HOWTOMar 9, 2026

    How to Secure GitHub Actions Workflows with OIDC, SHA

    Harden your CI/CD pipeline by replacing long-lived secrets with OIDC short-lived tokens, pinning third-party actions to commit SHAs, enforcing...

  • ProjectFeb 3, 2026

    CI/CD Pipeline with GitHub Actions and Azure

    Build a secure CI/CD pipeline with GitHub Actions deploying to Azure. Covers build, test, security scanning (SAST/DAST), and deployment with OIDC...