
PyPI Blog: Token Exfiltration Campaign via GitHub Actions Workflows


Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.

I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens. Later on September 5th, another researcher from GitGuardian emailed PyPI Security directly about their current findings, effectively an expansion of the previous attack. After triaging the situation, I discovered another Indicator of Compromise (IoC) in the form of a URL, which I shared with GitGuardian to assist with their ongoing investigation.
