AI-enabled supply chain campaign abuses GitHub Actions pull_request_target triggers
Summary
A threat actor used AI-assisted automation to orchestrate a large-scale supply chain attack against open source repositories on GitHub by exploiting the pull_request_target workflow trigger in GitHub Actions. The campaign, codenamed prt-scan, began on March 11 and ran in six waves executed through six coordinated GitHub accounts, yielding at least two compromised NPM packages out of more than 450 exploitation attempts. The actor primarily targeted repositories using the pull_request_target trigger, which runs a workflow in the context of the target repository when a pull request arrives from an untrusted fork, so the workflow receives the repository's full permissions and access to its secrets. Successful intrusions mostly exposed the ephemeral GitHub credentials issued to workflows; the broader concern is that AI assistance lets low-sophistication attackers scale supply chain attacks rapidly.
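As an added example (not code from the article or from Aikido Security), the following defender-side audit flags the risky configuration the summary describes: a workflow triggered by pull_request_target that checks out the fork's head and lacks a restrictive permissions block. The two embedded workflow files are constructed samples, and the check is a line-based heuristic rather than a full YAML parser.

```python
# Added example (not the article's or Aikido's code): audit workflow files for the
# pull_request_target pattern described above. Line-based heuristic, not a YAML parser.
import re

# Constructed sample workflows for demonstration; not taken from any real repository.
RISKY_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""
SAFE_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

# Block form ("  pull_request_target:") or inline list form ("on: [push, pull_request_target]").
PRT_TRIGGER = re.compile(r"^\s*-?\s*pull_request_target\b|^on:\s*\[[^\]]*\bpull_request_target\b", re.M)
# Checking out the fork's head is what lets PR-supplied code run with base-repo privileges.
HEAD_CHECKOUT = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
TOP_LEVEL_PERMISSIONS = re.compile(r"^permissions\s*:", re.M)


def audit_workflow(text: str) -> list[str]:
    """Return findings for one workflow file; an empty list means nothing was flagged."""
    findings = []
    if not PRT_TRIGGER.search(text):
        return findings  # plain pull_request runs in the fork's context without base secrets
    findings.append("pull_request_target: workflow runs in the base repository with its secrets")
    if HEAD_CHECKOUT.search(text):
        findings.append("checks out the fork's head ref: untrusted PR code runs with those privileges")
    if not TOP_LEVEL_PERMISSIONS.search(text):
        findings.append("no top-level permissions block: GITHUB_TOKEN keeps the default scope")
    return findings
```

Run `audit_workflow` over each file under `.github/workflows/` in your own repositories; the safe sample shows the usual fix of switching to `pull_request` and declaring read-only permissions.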
Timeline
- 07.04.2026 00:38 · 1 article
AI-assisted supply chain attack campaign abuses GitHub Actions pull_request_target triggers
A threat actor used AI-assisted automation to execute six waves of attacks via six GitHub accounts between March 11 and early April 2026. The campaign targeted repositories with the pull_request_target workflow trigger, resulting in over 450 exploitation attempts and compromising at least two NPM packages. The actor’s malicious pull requests attempted to steal credentials using a sophisticated but flawed multi-phase payload, primarily impacting small hobbyist projects. The attack chain involved scanning for vulnerable repositories, forking them, injecting malicious code into routine updates, and exploiting the automatic workflow execution to exfiltrate data.
Sources:
- AI-Assisted Supply Chain Attack Targets GitHub — www.darkreading.com — 07.04.2026 00:38
Information Snippets
- The campaign began on March 11, 2026, and was first detected by Aikido Security researcher Charlie Eriksen on April 2, with activity continuing through early April 2026.
  First reported: 07.04.2026 00:38 (1 source, 1 article)
- Over 450 exploitation attempts were made, fewer than 10% of which were successful, compromising at least two NPM packages.
  First reported: 07.04.2026 00:38 (1 source, 1 article)
- The threat actor used six distinct GitHub accounts linked to a single actor, operating in six waves with a pause between March 16 and April 2.
  First reported: 07.04.2026 00:38 (1 source, 1 article)
- The attack exploited the pull_request_target workflow trigger in GitHub Actions, which runs workflows in the main repository from untrusted forks with full repository permissions and access to secrets.
  First reported: 07.04.2026 00:38 (1 source, 1 article)
- The actor’s payload design was sophisticated but poorly implemented, suggesting unfamiliarity with GitHub’s permissions model; techniques included multi-phase credential theft attempts that often failed in practice.
  First reported: 07.04.2026 00:38 (1 source, 1 article)
- This marks the second AI-augmented supply chain campaign targeting pull_request_target workflows in recent weeks, following the "hackerbot-claw" campaign in late February 2026.
  First reported: 07.04.2026 00:38 (1 source, 1 article)