Back to emschwartz's feed
馃攧Developer Workflowstepsecurity.ioContent type: Blog

Codfish/semantic-release-action GitHub Action has been compromised (opens in new tab)

Covered by聽3聽sources See all sources covering this story聽including聽The Hacker News, CTO at NCSCDiscussed on Hacker News

On June 24, 2026, an attacker compromised the codfish/semantic-release-action GitHub repository. At 15:39:06 UTC they force-pushed a malicious commit and repointed several version tags to that commit. As a result, any workflow running against those tags after that time executed the attacker's code inside its GitHub Actions runner.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 3 articles

The Hacker News

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Feeds
CTO at NCSC

CTO at NCSC Summary: week ending June 28th

Discussed on Substack
Feeds
news.risky.biz

Risky Bulletin: Law enforcement agencies and security firms take down Amadey and StealerC

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help