#github-actions

Claude Code GitHub Action Secret Exposure

Microsoft reported that the Claude Code GitHub Action could expose workflow secrets through a Read-tool path that reached /proc/self/environ; Anthropic shipped v2.1.128 as the fixed release.

actions-cool GitHub Actions Tag Hijack Credential Theft

All 53 reviewed tags for actions-cool/issues-helper and all 15 tags for actions-cool/maintain-one-comment were moved to dangling imposter commits that scraped GitHub Actions runner memory and exfiltrated credentials. GitHub now blocks access to both repositories.

Megalodon GitHub Actions Secret Exfiltration Campaign

Megalodon added malicious GitHub Actions workflows to thousands of public repositories to collect environment variables, cloud credentials, source-control secrets, and runner tokens.

TanStack CI/CD Release Pipeline Poisoning

On May 11, 2026, the popular open-source project TanStack fell victim to a CI/CD release pipeline poisoning attack. Threat actors hijacked the release pipeline via a pull request exploitation vector and OIDC token theft to publish 84 backdoored versions across 42 packages.

elementary-data PyPI and GHCR GitHub Actions Compromise

A malicious `elementary-data==0.23.3` release was pushed to PyPI and GHCR after attackers exploited a GitHub Actions script-injection path, adding an interpreter-startup `.pth` infostealer.

Bitwarden CLI npm 2026.4.0 Credential Stealer

Bitwarden confirmed that @bitwarden/[email protected] was maliciously distributed through the npm CLI delivery path for a short April 22, 2026 window. CVE-2026-42994 tracks the incident; artifact analysis tied the package to bw_setup.js, bw1.js, Bun bootstrap, credential theft, and GitHub fallback channels.

Aqua Security Trivy CI/CD Pipeline & Tag Poisoning

On March 19, 2026, the widely adopted container vulnerability scanner Trivy was compromised in a major supply chain attack. Cybercrime group TeamPCP poisoned version tags to harvest and exfiltrate runner credentials.