Organizations using Claude Code GitHub Actions should review their CI/CD environments after a researcher found vulnerabilities that could expose repositories to compromise and supply chain attacks. The flaws, which have since been patched, allowed attackers to bypass permission controls and inject untrusted input into trusted workflows. These vulnerabilities allow “… an attacker [to] bypass its…
Tag: Actions
AI, Global Security News
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. […]
AI, Apps, Global Security News
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. “Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI said in a…
Global Security News
Court Denies Anthropic Request to End Defense Department Punishment
The company is involved in two separate legal actions related to being blacklisted by the Pentagon.
AI, Global Security News
Silicon Valley Has Stopped Talking Politics—Except for This Google Executive
AI pioneer Jeff Dean is a rare tech leader who has been publicly criticizing actions by the Trump administration.
AI, Apps, Global Security News, Risk Management
Cisco Reimagines Security for the Agentic Workforce
COMPANY NEWS: With end-to-end security across AI actions, Cisco is helping organizations confidently deploy AI agents at scale. News Summary: Cisco extends Zero Trust Access to agents with agent discovery in Cisco Identity Intelligence, agentic Identity and Access Management (IAM) in Duo, and model context protocol (MCP) policy enforcement and adaptive risk protection in Secure Access…
AI, Cloud Security, Global Security News, malware
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below – checkmarx/ast-github-action, checkmarx/kics-github-action. Cloud security
AI, Global Security News, Risk Management
Chainguard locks down CI/CD with secure-by-default actions
Chainguard has announced Chainguard Actions, secure-by-default workflows for CI/CD pipelines that allow developers and AI agents to ship quickly without introducing software supply chain risk. Using an agentic approach, Chainguard Actions provides a continuously secured catalog of workflows maintained by the Chainguard Factory, the infrastructure that has become the industry standard for delivering trusted open…
AI, Global Security News
Researchers Trick Perplexity’s Comet AI Browser Into Phishing Scam in Under Four Minutes
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers’ tendency to reason their actions and use it against the model…
AI, Global Security News
Engineering trust: A security blueprint for autonomous AI agents
AI agents have evolved from just chatbots answering questions to executing actions using various integrated tools, often autonomously, and as such the traditional security models have become less efficient. I have seen that firsthand as a security lead for the Fitbit personal health coach. Consider an agent that can access or update health records on…
AI, Global Security News
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. […]
AI, Eurojust, Europol, Global Security News, law enforcement, News
International sting shuts down illegal streaming empire serving millions
Actions by authorities from Italy, Romania, Spain, the United Kingdom, Canada, Kosovo and South Korea, supported by Eurojust and Europol, led to the seizure of multiple illegal streaming services. A total of 31 suspected members have been linked to the operation. The group engaged in unauthorised distribution of pay TV content, illegal access to information…
