GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

Blog

Byadmblake May 19, 2026

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal…

“Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit history,

Blog

RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains

Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. “Using a court order granted by the Southern…

Read More RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains
Blog

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to

Read More Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Blog

When the Cloud Rains on Everyone’s IoT Parade

What happens to all of those always-connected devices and Internet of Things when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.

Read More When the Cloud Rains on Everyone’s IoT Parade
Blog

Encouraging Industry Voices to Write for the Commentary Section

Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.

Read More Encouraging Industry Voices to Write for the Commentary Section
Blog

Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. “This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide…

Read More Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
Blog

Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named “ahbanC.shiba” that functioned similarly to two other extensions – ahban.shiba and ahban.cychelloworld –

Read More Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names

Related