Bleeping Computer

Supply chain attack on popular GitHub Action exposes CI/CD secrets

As first reported by StepSecurity, attackers added a malicious commit to the tool on March 14, 2025, at 4:00 PM UTC, that dumped CI/CD secrets from the Runner Worker process to the repository of any ...
InfoWorld

Automating CI/CD with GitHub Actions

Automating and streamlining the software development lifecycle through continuous integration and continuous delivery (CI/CD) is a cornerstone of software development today. One of the easiest tools ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
SD Times

GitHub Actions joins the CI/CD space

In the past, the CI/CD pipeline was simply a place to integrate code. Developers would write their code in GitHub, pass it through the pipeline, and then deploy it. The pipeline has become a much more ...
CSOonline

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...
cio.economictimes.indiatimes

10 Best CI/CD Tools for DevOps Teams in 2025

Quick Summary Aiming to deliver software faster without compromising quality or security? Explore the 10 best CI/CD tools for DevOps teams in 2025 that help automate builds, testing, and deployments ...
InfoWorld

What is GitHub Actions? Automated CI/CD for GitHub

GitHub Actions is a platform built into GitHub that automates software building, testing, and deployment. GitHub, owned by Microsoft, is a hosting service for software development using Git, an open ...