Palo Alto Networks

GitHub

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

GitHub Actions worm compromises GitHub repositories via action dependencies in a novel attack vector allowing attackers to distribute malware across repositories, research shows.

AppSec

CI/CD

DevOps

Research

Sep 14, 2023

By Asi Greenholts

Palo Alto Networks

Products and Services

Partners

CI/CD, DevOps

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

Action pinning doesn’t always offer security. Understand risks stemming from the GitHub Actions ecosystem and learn how to avoid compromise of CI/CD pipeline.

Aug 30, 2023

By Yaron Avital

AppSec, CI/CD, Research

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

Secure GitHub Actions with new research showing high-risk practices and get expert tips to prevent overly permissive workflows in your CI/CD pipeline.

Aug 16, 2023

By Yaron Avital

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

Learn the top 3 IAM risks for GitHub Organizations, and discover practical tips to protect your organization with IAM for your source control management system.

Jul 18, 2023

By Omer Gil and Yaron Avital

Playbook of the Week

Playbook of the Week: Automating CI/CD Pull Requests in GitHub

The Cortex XSOAR CI/CD content pack makes it easy for users to push new and updated content to a pull request across multiple git platforms such as GitHub, GitLab and Bitbucket. ...

Feb 17, 2023

By Shelly Tzohar

DevSecOps

Shift Security Left with Git Repo Vulnerability Management

Prisma Cloud now provides git repository (repo) vulnerability management by scanning code before its committed to workflows.

Oct 13, 2020

By Keith Mokris

Unit 42

Dimnie: Hiding in Plain Sight

Recent Dimnie activity uses phishing emails to target open source developers on GitHub.

Mar 28, 2017

By Brandon Levene, Dominik Reichel and Esmid Idrizovic

Malware, Mobility, Threat Prevention

Palo Alto Networks Discovers New Trend in Mobile Malware Distribution

Candy Crush, Clash of Clans, Flappy Bird – if you’re a fan of gaming on mobile devices, you’ve likely already heard (and are probably already playing)...

Apr 15, 2014

By Scott Simkin

Cybersecurity

Examining the Worst Data Breaches of 2013: Part 2

Yesterday, we looked at why this year’s Adobe breach was unique in both scale and what it caused for ripple effects in the security industry. Now let’s continue and look at more of the worst data breaches of 20...

Dec 13, 2013

By Scott Simkin

Load more blogs

Palo Alto Networks

GitHub

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

Palo Alto Networks

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

Top 3 IAM Risks in Your GitHub Organization

Playbook of the Week: Automating CI/CD Pull Requests in GitHub

Shift Security Left with Git Repo Vulnerability Management

Dimnie: Hiding in Plain Sight

Palo Alto Networks Discovers New Trend in Mobile Malware Distribution

Examining the Worst Data Breaches of 2013: Part 2

Get the latest news, invites to events, and threat alerts

Products and Services

Company

Popular Links

Palo Alto Networks

GitHub

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

Palo Alto Networks

Subscribe to the Blog!

Get the latest news, invites to events, and threat alerts

Products and Services

Company

Popular Links