WinBuzzer

GitHub Agentic Workflows Enter Technical Preview for CI/CD AI

GitHub has launched Agentic Workflows into technical preview, enabling AI agents to automate repository tasks directly inside ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Computing

GitHub supply-chain attack threatens 23,000 organisations

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen. GitAub Actions is a CI/CD platform that automates code testing and deployment.
Dark Reading

Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines

An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code.
InfoQ

LinkedIn Leverages GitHub Actions, CodeQL, and Semgrep for Code Scanning

LinkedIn has rebuilt its static application security testing (SAST) pipeline using GitHub Actions and custom workflows, ...
heise online

Zig turns its back on GitHub: Frustration over Actions and Microsoft's AI course

The programming language Zig is leaving GitHub after ten years. The reason is problems with GitHub Actions, chaotic job scheduling, and Microsoft's AI direction. The programming language Zig is ...