Xygeni GitHub Action Compromised Via Tag Poison

Summary

Attackers compromised Xygeni's GitHub Action by poisoning its tags, so that workflows pulling the action by tag received attacker-controlled code, and used it to run a command-and-control implant for up to a week. The breach targeted the AppSec vendor's own supply chain and potentially affected every downstream workflow that referenced the action by a mutable tag rather than a commit SHA.

IFF Assessment

FOE

The compromise of a software vendor's supply chain, especially their GitHub Action, represents a significant risk to defenders as it can lead to the distribution of malicious code to numerous users.

Defender Context

This incident highlights the importance of securing CI/CD pipelines and supply chains against tag poisoning. A Git tag is a mutable pointer: a workflow that references an action by tag (`uses: owner/action@v1`) runs whatever commit that tag points at today, not the code that was reviewed when the reference was written, so anyone who can move the tag can substitute code into every consumer's build. Defenders should pin third-party actions to full commit SHAs, restrict who can create or move tags in the repositories they publish, scan and monitor their own workflow and action code, and alert on tag changes for components they ship to others.
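One concrete check a defender can run is a lint over workflow files that flags every `uses:` reference not pinned to a full 40-hex commit SHA. The script below is an added example for this page, not code from Xygeni or from the original story; the workflow text it scans is constructed inline, and the SHA in it is a placeholder, not a real commit.

```python
import re

# A `uses:` reference has the form owner/repo[/path]@ref. A 40-hex ref is an
# immutable commit SHA; any other ref (tag or branch name) is a mutable pointer
# that the repository owner, or an attacker who gains push access, can re-point.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^@\s"\']+)@([^\s"\'#]+)', re.M)
SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def find_unpinned_actions(workflow_text):
    """Return (action, ref) pairs for every GitHub action referenced by a
    mutable tag or branch instead of a full commit SHA."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        action, ref = match.group(1), match.group(2)
        # docker:// references are container images, not GitHub tags; a
        # digest pin for those is a separate check and is skipped here.
        if action.startswith("docker://"):
            continue
        if not SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


def report(workflow_text):
    """Human-readable lines for each unpinned action (empty list if clean)."""
    return [
        f"UNPINNED: {action}@{ref} (pin to a full commit SHA)"
        for action, ref in find_unpinned_actions(workflow_text)
    ]


# Constructed sample workflow for the example. The 40-hex value is a
# placeholder pin, not a real commit of any action.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder pin
      - uses: example-org/scan-action@main
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - run: npm test
"""

if __name__ == "__main__":
    for line in report(SAMPLE_WORKFLOW):
        print(line)
```

Pinning by SHA removes the tag-poisoning vector but not every supply-chain risk: a SHA-pinned composite or JavaScript action can itself reference other actions by tag, so the check should be run over the action's own repository as well, and a tool such as Dependabot or Renovate is needed to keep SHA pins current so that pinning does not freeze known-vulnerable versions in place.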
