News

Application security news, updated daily (if there is any news to share).

AI PR campaign abuses pull_request_target to steal CI secrets

Wiz reports the “prt-scan” campaign opened 500+ malicious PRs abusing GitHub Actions `pull_request_target`, leaking runner secrets and compromising at least two npm packages.

NewsSupply ChainCI/CD

2 minYesterday

Loading news…

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.