Xygeni GitHub Action backdoored for seven days through tag poisoning attack
by Artem Safonov
A poisoned Git tag turned a security vendor's own GitHub Action into a backdoor. The C2 implant in xygeni-action ran for seven days, giving attackers access to repo secrets on every workflow run. Same technique that hit tj-actions last year.
Read more →