step-security · Crawled Jul 5, 2026

simonecorsi/mawesome GitHub Action has been compromised

2 IoCs
Read original article ↗

AI Summary

On June 24, 2026, the simonecorsi/mawesome GitHub repository was compromised by an attacker who force-pushed malicious commits and repointed several version tags to execute attacker-controlled code within GitHub Actions runners. This allowed the attacker to potentially gain access to any workflow running against the affected tags. The attack resembles a prior compromise of the codfish/semantic-release-action repository.

AI-extracted · verify before operational use

Indicators of Compromise 2 extracted

Type Value Detail
GitHub Repo simonecorsi/mawesome Details →
GitHub Repo codfish/semantic-release-action Details →