github actions

2 posts

Your valid credentials are the breach.

Technical analysis of a coordinated GitHub Actions workflow compromise across 5,561 repositories, with detection guidance for audit log and EDR telemetry.

May 23, 2026

Article

Workflows are code, not config

CI workflow modification executes under repository trust. The control surface is the file. The boundary is the weakest identity allowed to merge.

May 22, 2026