← All Tags
# github ci-cd security

2 links tagged with all of: github + ci-cd + security

Click any tag below to further narrow down your results

+ npm (1) + typosquatting (1) + actions (1) + vulnerabilities (1)

Links

Malicious npm package sneaks into GitHub Actions builds

A typosquatted npm package named “@acitons/artifact” impersonated the legitimate “@actions/artifact” to exploit GitHub's CI/CD workflows. It stole tokens from build environments and published malicious artifacts, highlighting vulnerabilities in supply chain security.
Saved by tldr-importer · Last saved February 14, 2026 · 3 min read
+ npm github ✓ security ✓ + typosquatting ci-cd ✓

Part 1: Attackers Love Your GitHub Actions Too

This article discusses the security vulnerabilities associated with GitHub Actions, highlighting issues like secrets management failures, insufficient permission management, and dependency pinning failures. It emphasizes the importance of understanding these risks to protect CI/CD workflows from potential attacks.
Saved by tldr-importer · Last saved February 14, 2026 · 6 min read
github ✓ + actions security ✓ + vulnerabilities ci-cd ✓