thehackernews.com via Reddit

GitHub Actions tags hijacked to steal CI/CD secrets

Key insights

  • All 53 existing tags in actions-cool/issues-helper were redirected to malicious commits in under four minutes, leaving no safe version.
  • The exfiltration domain ties this attack to the Mini Shai-Hulud npm campaign, indicating a coordinated, multi-vector threat actor.
  • Any CI/CD pipeline that ran the compromised actions before GitHub's takedown should treat all exposed secrets as stolen.

Why this matters

Pinning GitHub Actions to a tag rather than an immutable commit SHA is standard practice in thousands of enterprise pipelines, and this attack proves that tags offer zero tamper protection since they can be silently moved without any workflow file change triggering an alert. The link to the Shai-Hulud npm campaign means this isn't an isolated opportunistic compromise but part of a coordinated effort targeting developer toolchain credentials across multiple package ecosystems simultaneously. Stolen CI/CD secrets typically include cloud provider keys, container registry credentials, and code-signing certificates, giving attackers persistent access to production infrastructure well beyond the initial breach window.
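An added example (not from the original article or from any vendor named in it): a stdlib-only Python audit that lists every `uses:` reference pinned to a movable tag or branch rather than a full commit SHA, plus any reference to the two actions named here. The workflow text is constructed, and matching `maintain-one-comment` by repository name alone is an assumption, since the page gives no owner for it.

```python
import re

# Actions named on this page. The page gives no owner for the second one,
# so it is matched by repository name alone (an assumption of this example).
INCIDENT_REPOS = {"actions-cool/issues-helper"}
INCIDENT_NAMES = {"maintain-one-comment"}
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")

def classify(ref):
    """Return (kind, repo) for one `uses:` value; repo is None if not a repo ref."""
    if ref.startswith(("./", "../")):
        return "local", None
    if ref.startswith("docker://"):
        return ("pinned" if "@sha256:" in ref else "mutable"), None
    target, _, version = ref.partition("@")
    repo = "/".join(target.split("/")[:2]).lower()
    # Only a full 40-hex commit SHA is immutable; tags and branches can move.
    return ("pinned" if FULL_SHA_RE.match(version) else "mutable"), repo

def audit(workflow_text):
    """List every `uses:` line that is mutable or names an affected action."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        kind, repo = classify(m.group(1))
        incident = repo is not None and (
            repo in INCIDENT_REPOS or repo.split("/")[-1] in INCIDENT_NAMES)
        if kind == "mutable" or incident:
            findings.append({"line": lineno, "ref": m.group(1),
                             "mutable": kind == "mutable", "incident": incident})
    return findings

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
  - uses: actions/setup-node@v4
  - uses: actions-cool/issues-helper@v3
  - name: comment
    uses: example-org/maintain-one-comment@main  # branch ref
  - uses: "actions-cool/issues-helper@89abcdef0123456789abcdef0123456789abcdef"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A SHA-pinned reference to an affected action is still listed so the pinned commit can be reviewed by hand.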

Summary

All 53 tags in the widely used GitHub Action actions-cool/issues-helper were silently redirected to malicious commits in under three minutes and sixteen seconds, exposing any pipeline that ran the action before GitHub disabled the repository. The injected code downloads the Bun JavaScript runtime, reads decrypted secrets from the Runner.Worker process in memory, and exfiltrates them to t.m-kosche[.]com -- a domain already linked to the Mini Shai-Hulud npm supply chain campaign, connecting this attack to a broader, ongoing threat operation. A second action, maintain-one-comment, was compromised using the same technique. Essentially, the defenders (StepSecurity researcher Varun Sharma, GitHub) caught the attack after the window had already closed.

  • Tag hijacking is particularly dangerous because pipelines pinning to a tag rather than a commit SHA get the malicious code automatically, with no workflow file change required.
  • The three-minute-sixteen-second takeover window means automated monitoring tools had almost no realistic chance of catching the substitution in real time.
  • Any CI/CD secrets -- API keys, cloud credentials, signing certificates -- that passed through an affected runner before the takedown should be considered compromised.

This attack confirms that tag-pinning in GitHub Actions is not a security control, and organizations treating it as one now have a concrete incident to point to.

Potential risks and opportunities

Risks

  • Any organization whose pipelines ran actions-cool/issues-helper before the takedown and has not yet rotated secrets faces active credential abuse -- cloud providers (AWS, GCP, Azure) may see unauthorized API activity in the next 30-90 days.
  • GitHub's reputation as a trusted CI/CD platform takes direct damage if post-incident analysis shows platform-level tag immutability controls were feasible and not implemented, accelerating enterprise migration to stricter alternatives like Chainguard or private runners.
  • The Shai-Hulud operators now potentially hold a stockpile of CI/CD credentials from two separate supply chain vectors (npm and GitHub Actions), raising the risk of coordinated infrastructure compromise across multiple affected organizations simultaneously.

Opportunities

  • Security vendors offering GitHub Actions hardening and SHA-pinning enforcement (StepSecurity, Chainguard, Stacklok) have a concrete public incident to drive enterprise pipeline audits and paid tooling adoption.
  • Secret scanning and rotation platforms (HashiCorp Vault, Doppler, Infisical) can position automatic post-incident credential rotation as a direct response to this class of attack, targeting DevSecOps buyers now actively searching for solutions.
  • GitHub itself has an opportunity to ship enforced tag immutability or verified-publisher controls for Actions -- a feature gap this incident makes politically easier to prioritize and monetize as part of GitHub Advanced Security.

What we don't know yet

  • Which specific organizations or pipelines ran the compromised actions during the under-four-minute takeover window, and has GitHub notified them directly?
  • Whether the Shai-Hulud campaign operators have used credentials stolen from this action in downstream intrusions since the May 2026 disclosure.
  • How the attacker gained push access to the actions-cool/issues-helper repository -- credential theft, token leak, or insider -- has not been publicly confirmed.