GitHub攻击 – Shai-Hulud分支向Webhook发送秘密信息
许多代码库正在遭受攻击,攻击者创建名为 Shai-Hulud 的分支,以触发 GitHub Actions 并将所有机密信息发送到一个 webhook 网站。这是一个新出现的问题,以下是一个示例:<p>https://github.com/amadan21/walkerdigitaltablesystems-automation-testing-utility-migration/commit/6fc05c646b3ee27a962133d8889dfaab0c6901ae<p>只需在 GitHub 上搜索,您会看到很多这样的代码库。
查看原文
A lot of repos are being under attack where branches are being created under the name Shai-Hulud to trigger GH actions and send all secrets to a webhook website. This is new and here is an example:<p>https://github.com/amadan21/walkerdigitaltablesystems-automation-testing-utility-migration/commit/6fc05c646b3ee27a962133d8889dfaab0c6901ae<p>Just search on github and you will see planty repos.