Tag

#github-actions

3 articles

GitHub Actions Supply Chain Attack: actions-cool/issues-helper

Analysis of the actions-cool/issues-helper supply chain attack where tags were redirected to steal credentials. Learn how to detect and mitigate this threat.

Runtime Rebel Intel

3 min read·May 19, 2026

HIGH

Supply Chain

Trivy Supply Chain Attack: TeamPCP Pushes Infostealer via GitHub

Threat actor TeamPCP compromised the Trivy-action repository to distribute infostealer malware through GitHub Actions, targeting CI/CD pipelines and secrets.

Runtime Rebel Intel

3 min read·Mar 21, 2026

CRITICAL

Supply Chain

75 Trivy-Action GitHub Tags Hijacked in Supply Chain Attack

Attackers hijacked 75 tags in Aqua Security's Trivy GitHub Actions to exfiltrate CI/CD secrets, marking the second major breach in a single month.

Runtime Rebel Intel

3 min read·Mar 20, 2026