A new supply chain attack named ‘GhostAction’ compromised over 3,300 secrets across multiple repositories on GitHub, affecting various package ecosystems. The attack involved malicious workflows stealing secrets such as API tokens and access keys, highlighting the widespread vulnerability in software development environments. #GhostAction #GitGuardian #FastUUID #PyPI #npm #DockerHub #Cloudflare #AWS
Keypoints
- The GhostAction campaign targeted GitHub repositories by injecting malicious workflows.
- Over 3,300 secrets, including tokens and keys, were stolen during the attack.
- The attack leveraged compromised maintainer accounts to perform unauthorized commits.
- Multiple package ecosystems, such as npm, PyPI, and DockerHub, were affected.
- GitGuardian quickly responded by notifying affected teams and halting the exfiltration endpoint.