GitHub Actions — Tags — Hive Security

Cordyceps and GitHub Actions: When CI/CD Trust Boundaries Become the Supply Chain Attack

Novee's Cordyceps research is a reminder that GitHub Actions workflows are executable attack surface, not harmless YAML. Here is how to audit the trust boundary before an outside pull request borrows maintainer authority.

Shai-Hulud: The Open-Source GitHub Actions Token Harvester That Just Went Public

TeamPCP's Shai-Hulud is a TypeScript/Bun C2 framework targeting GitHub Actions CI/CD pipelines — it steals GitHub tokens, exfiltrates via a fake git domain, and has now been open-sourced for anyone to deploy.

The Cache That Bites Back: GitHub Actions Cache Poisoning Attacks

How attackers turn GitHub Actions' shared build cache into a supply chain weapon — real cases, attack mechanics, detection logic, and mitigations.