Hackers exploited a widely used GitHub Action, exposing secrets from over 23,000 repositories.
Attackers compromised a popular GitHub Action used by over 23,000 repositories, injecting code that exposed secrets such as API keys and passwords in build logs.
Though no evidence of external theft exists, project owners are advised to audit their repositories and rotate compromised secrets.
GitHub recommends pinning Actions to specific commit hashes to prevent similar attacks.