{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig4qb2utytyzdlum4b4wvw5pxd47wqmfyn433ti4d6inriwkcsuua",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mm6xgx76izf2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreigwxyynzzsftuhphuelotlosvj4ukk7aypaisrzwwaz5t5g3aj25a"
    },
    "mimeType": "image/jpeg",
    "size": 139721
  },
  "path": "/2026/05/github-actions-supply-chain-attack.html",
  "publishedAt": "2026-05-19T05:28:06.000Z",
  "site": "https://thehackernews.com",
  "textContent": "In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.\n\n\"Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action's normal commit history,",
  "title": "Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials"
}