An unknown threat actor has been conducting an opportunistic campaign of automated malicious pull requests to attempt to initiate supply chain compromise against various open source repositories. In at least two cases, the attacker has been able to inject malicious code that u...
An unknown threat actor has been conducting an opportunistic campaign of automated malicious pull requests to attempt to initiate supply chain compromise against various open source repositories. In at least two cases, the attacker has been able to inject malicious code that u...
Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/exploitation-campaign-of-vulnerable-github-workflows