log in · sign up

actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials - StepSecurity

stepsecurity.io

The popular GitHub Action actions-cool/issues-helper has been compromised. Every existing tag in the repository has been moved to point to a single imposter commit that does not appear in the action's normal commit history. That commit contains malicious code that exfiltrates credentials from CI/CD pipelines that run the action.

4 pages link to this URL

The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave | Wiz Blog

wiz.io Rami McCarthy; Benjamin Read; Merav Bar May 19, 2026

Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence.

0 inbound links article en Research

Finding Unpinned and Unpinnable GitHub Actions

Pavel Tsakalidis - Personal Blog May 19, 2026

How to identify unpinned and unpinnable GitHub actions across your organisation

0 inbound links article en

Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain

Cyber Security News Tushar Subhra Dutta May 19, 2026

Hackers hijacked the actions-cool GitHub Action, redirecting tags to malware that steals CI/CD credentials.

0 inbound links article en Cyber Security News cyber securitycyber security news

Actions-cool/issues-helper GitHub Action Compromised

news.ycombinator.com May 19, 2026

1 inbound link en