Bleeping Computer

GitHub Action hack likely led to another in cascading supply chain attack

To prevent similar compromises in the future, pin GitHub Actions to commit hashes instead of version tags and use GitHub's allow-listing feature to restrict unauthorized actions. Those supply chain ...
InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...