Actions-cool/issues-helper hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The actions-cool/issues-helper GitHub Actions supply-chain compromise let malicious tags run in CI/CD pipelines, causing credential theft and downstream account risk. A second action, actions-cool/maintain-one-comment, also had 15 tags compromised with the same functionality. GitHub later disabled access to the repository, while workflows pinned to a known-good full commit SHA were unaffected.
Related Happenings
GitHub Agentic Workflows indirect prompt injection security flaw
Vulnerability
H score27
First: 07.07.2026 17:04
Last: 07.07.2026 17:04
Sources 1
About this happening:
**GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
GitHub Agentic Workflows indirect prompt injection security flaw
VulnerabilityAbout this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
Codfish/semantic-release-action hit by network compromise
Incident
H score21
First: 26.06.2026 14:05
Last: 26.06.2026 14:05
Sources 1
About this happening:
The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
Codfish/semantic-release-action hit by network compromise
IncidentAbout this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/Service
H score11
First: 23.06.2026 17:22
Last: 23.06.2026 17:22
Sources 1
About this happening:
GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/ServiceAbout this happening: GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
Anthropic Claude Code GitHub Action bypass fix (v1.0.94)
Security Patch Release
H score43
First: 04.06.2026 18:15
Last: 04.06.2026 18:15
Sources 1
About this happening:
Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...
Anthropic Claude Code GitHub Action bypass fix (v1.0.94)
Security Patch ReleaseAbout this happening: Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...
Claude Code GitHub Action bot trigger bypass security flaw
Vulnerability
H score31
First: 04.06.2026 18:15
Last: 04.06.2026 18:15
Sources 1
About this happening:
**Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
Claude Code GitHub Action bot trigger bypass security flaw
VulnerabilityAbout this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...
Timeline
-
19.05.2026 08:28 2 articles · 1mo ago
actions-cool/issues-helper tag compromise exposes CI/CD credential theft
Initial DisclosureStepSecurity identified a software supply chain compromise of the GitHub Actions repository actions-cool/issues-helper in which every existing tag was redirected to an imposter commit outside the normal history, causing workflows that reference the action by version to run malicious code that harvests credentials from CI/CD pipelines and exfiltrates them to t.m-kosche[.]com. The malicious commit also downloads the Bun JavaScript runtime, reads memory from the Runner.Worker process, and a second GitHub action, actions-cool/maintain-one-comment, had 15 tags compromised with the same functionality. GitHub later disabled access to the repository after a violation of GitHub's terms of service, and workflows pinned to a known-good full commit SHA remained unaffected.
Show sources
- GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials — thehackernews.com — 19.05.2026 08:28
- GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials — thehackernews.com — 19.05.2026 08:28