The GhostAction Supply Chain Attack: Compromised GitHub Workflows And Stolen Secrets

GitGuardian has uncovered GhostAction, a massive supply chain attack targeting 327 GitHub users and 817 repositories. Attackers injected malicious workflows that exfiltrated over 3,325 secrets, including npm, PyPI, and DockerHub tokens. Watch as GitGuardian's Senior Cybersecurity Researcher, Guillaume Valadon, breaks down how this campaign unfolded, what was stolen, and what developers need to know to stay safe.

Learn more:

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows
https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce
https://blog.gitguardian.com/a-complete-guide-to-finding-hidden-credentials-in-salesforce/

The Nx "s1ngularity" Attack: Inside the Credential Leak
https://blog.gitguardian.com/the-nx-s1ngularity-attack-inside-the-credential-leak/

Video:
https://youtu.be/t3RSKws0en4