Automatic Dependabot access to GitHub-hosted registries

Mastering Secure CI/CD for ECS with GitHub Actions

Bài viết hướng dẫn xây dựng quy trình CI/CD an toàn cho ECS trên Fargate bằng GitHub Actions, cải tiến vận hành như hợp nhất workflow, dùng commit hash làm tag ảnh container, quản lý định nghĩa task và service với ecspresso. Ngoài ra, bài cũng đề cập đến biện pháp bảo mật như AssumeRole không dùng key với OpenID Connect, quét lỗ hổng bằng Trivy và Dockle, cùng multi-stage build để giảm bề mặt tấn công.

Lập trình viên cần đọc bài này để tìm hiểu cách xây dựng và tối ưu hóa một chu trình CI/CD an toàn trên AWS ECS Fargate bằng GitHub Actions, từ việc quản lý mã nguồn đến bảo mật container và giảm diện tích tấn công.

Red Hat Enterprise Linux runner images are now in public preview

GitHub-hosted larger runners now support Red Hat Enterprise Linux (RHEL) 9 and RHEL 10 images in public preview, available for Linux x64. Developed in partnership with Red Hat, these images can serve as a foundation for custom runner images with specific tools, dependencies, and configurations. Organizations can enable them by creating a new larger runner and selecting the desired RHEL image under Linux x64 partner images.

Cordyceps CI/CD Weakness Exposes Software Supply Chains to Malicious Pull Requests

Security researchers at Novee have disclosed a new CI/CD vulnerability class called 'Cordyceps' that allows attackers to exploit malicious pull requests against insecurely configured automated workflows. A scan of public repositories found 654 potentially vulnerable projects, with ~300 confirmed fully exploitable. Affected projects include Microsoft Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare Workers SDK, and the Python Black formatter. The weakness stems not from pull requests themselves but from workflow configurations that grant excessive privileges to untrusted inputs, enabling credential theft, command injection, and malicious package publishing. Notably, AI-generated CI/CD configs may amplify the problem by replicating insecure patterns at scale. Recommended mitigations include auditing workflows for excessive permissions, applying least-privilege principles, and treating workflow YAML with the same rigor as application code.

Shipping huggingface_hub every week with AI, open tools, and a human in the loop

The Hugging Face team describes how they automated weekly releases of the huggingface_hub Python library using a single GitHub Actions workflow. The pipeline handles version bumping, PyPI publishing via OIDC Trusted Publishing, downstream test branch creation, and AI-drafted release notes — all built with open-source tools and open-weights models. A key design pattern is a 'trust-but-verify' loop: a deterministic script extracts the ground-truth list of PRs in the release, the model drafts the changelog, then code validates completeness and re-prompts the agent to fix any missing or extra entries. Documentation diffs are fed as context to prevent hallucinated API examples. A human reviews and edits the draft before the final release ships. The full cost per release is ~$0.25. Release cadence improved from every 4–6 weeks to weekly, with better notes, earlier breakage detection, and shorter contributor feedback loops. The workflow is public and designed to be forked and adapted by other Python library maintainers.

Post-incident review for TanStack npm supply chain ransom incident

Grafana Labs published a post-incident review of the TanStack npm supply chain ransom attack that hit them on May 11 via the Mini Shai-Hulud campaign. A missed credential rotation allowed a threat actor to clone their entire repository collection and demand a ransom on May 16. Grafana Labs refused to pay, confirmed no unauthorized access to customer production systems, and verified the Grafana Cloud platform was unaffected. An independent Mandiant investigation corroborated internal findings, finding no evidence of code tampering or repository poisoning. The response included 1,500 security-focused PR reviews, auditing 280 GitHub applications, scanning 1,200 repositories, and a full-engineering security hardening week. Remediation steps included implementing a token broker, fine-grained access controls, short-lived tokens, and compartmentalizing GitHub organizations.

Optional ephemeral environments using GitHub PR labels

A walkthrough of how to make ephemeral PR environments optional using GitHub PR labels, without breaking branch protection rules. The solution splits a single GitHub Actions workflow job into three: a mandatory build job, an optional deploy-ephemeral job (skipped when a 'skip-ephemeral' label is present on the PR), and a pr-ready gate job that always runs and acts as the required status check. The gate job uses if: always() and checks whether build succeeded and deploy-ephemeral either succeeded or was deliberately skipped, exiting with code 1 if not. This approach preserves branch protection integrity while giving developers per-PR control over ephemeral environment deployments, and because the workflow is shared across teams via a platform engineering model, the change benefits all consuming teams immediately.

Supply Chain Compromise: codfish/semantic-release-action Tags Hijacked to Steal OIDC Tokens and Propagate Backdoors

A supply chain attack compromised the codfish/semantic-release-action GitHub Action by force-pushing a malicious commit and redirecting seven version tags (v1.6.1 through v2.2.1) to point at it. Any workflow using these tags after June 24, 2026 at 15:39 UTC executed attacker-controlled code. The attack converted the action from Docker-based to a composite action, injecting two steps guarded with if: always() to ensure execution even on failure. The payload — a ~512 KB obfuscated JavaScript file run via Bun — steals GitHub OIDC tokens, harvests Personal Access Tokens, encrypts collected data with AES-128-GCM, and attempts to propagate backdoors into other accessible repositories. Bun was chosen specifically to bypass Node.js security tooling hooks. The C2 exfiltration endpoint is still being deobfuscated.