step-security · Crawled Jul 5, 2026
simonecorsi/mawesome GitHub Action has been compromised
2 IoCs
Read original article ↗
AI Summary
On June 24, 2026, the simonecorsi/mawesome GitHub repository was compromised by an attacker who force-pushed malicious commits and repointed several version tags to execute attacker-controlled code within GitHub Actions runners. This allowed the attacker to potentially gain access to any workflow running against the affected tags. The attack resembles a prior compromise of the codfish/semantic-release-action repository.
AI-extracted · verify before operational use