#github-actions-security

Node JS
from TanStack
1 day ago

Postmortem: TanStack npm supply-chain compromise | TanStack Blog

Malicious TanStack npm package versions used GitHub Actions cache poisoning and OIDC token extraction to run credential-harvesting scripts and exfiltrate data.
Information security
from InfoQ
2 months ago

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

An autonomous AI bot exploited GitHub Actions workflows across major open-source repositories, achieving remote code execution and stealing credentials with write permissions between February 21-28, 2026.