Cybersecurity firm Zscaler has confirmed a hacker gained access to a test server, following an investigation into claims by a hacker offering data access for $20,000 in cryptocurrencies. However, the company stated the breach was confined to a non-critical test environment that contained no customer data. It urged the necessity of isolating test platforms from production systems to limit potential impact from breaches.
New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens
A new attack campaign is actively targeting open-source repositories on GitHub by carefully disguising malicious code as completely routine CI build configuration updates. The campaign,
