Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

GhostAction

GhostAction: GitHub supply-chain attack exposes 3,325 secrets across hundreds of repositories

Cloud, Cybercrime, News, Risk, Vulnerabilities

September 9, 2025

Researchers say a GitHub supply-chain campaign named GhostAction stole about 3,325 secrets across PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys, by compromising maintainer accounts to inject malicious GitHub Actions workflows that exfiltrate secrets to an attacker-controlled endpoint.

About
Editorial Policy
Privacy
Contact