Github Actions Supply Chain Attacks

Update: 2025-03-31

Description

This week, we discuss a recent cascading supply chain attack involving multiple Github actions workflows that nearly succeeded in compromising a popular Coinbase application. Before that, we discuss a novel way to download malware onto an endpoint by abusing a web browser's caching feature. Additionally, we cover an FBI alert on file converter malware scams.

Comments

In Channel

Microsoft is Killing NTLM

2023-10-1640:09

Anthropic's AI Threat Intelligence Report

2025-09-0141:36

Is Zero Trust a Total Bust?

2025-08-1835:59

What We Know About the Sonicwall SSLVPN Attacks

2025-08-1236:34

Clorox vs Cognizant

2025-08-0434:14

Outing Chinese Semiconductor Cyber Spies

2025-07-2101:01:18

Exploring Endpoint Threats with WatchGuard’s Q1 2025 Internet Security Report.

2025-07-1401:04:57

Rewind: Microsoft Kernel Shift, GPT-4o Threats, and Scattered Spider Update

2025-07-0744:29

Lessons From The M&S Breach

2025-06-3042:27

Social Engineering an LLM

2025-06-1139:54

AI Applications in Cybersecurity with Adam Winston

2025-06-0358:49

Signal and TeleMessage

2025-05-2638:45

2025 Ransomware Update with Ryan Estes

2025-05-1933:25

AI and Compliance with Adam Winston

2025-04-2957:15

The CVE Near-Death Experience

2025-04-2134:14

Revoking Security Clearances as Punishment

2025-04-1540:40

Lucid, the Phishing-as-a-Service Platform

2025-04-0740:25

Github Actions Supply Chain Attacks

2025-03-3142:12

Polymorphic Extensions

2025-03-2436:31

Silk Typhoon is Targeting MSPs

2025-03-1727:17

00:00

Github Actions Supply Chain Attacks

#box-pro-ellipsis-175701293107797{-webkit-line-clamp:2;}Github Actions Supply Chain Attacks

Github Actions Supply Chain Attacks

Secplicity

Github Actions Supply Chain Attacks