#GitHub Actions
4 posts
GitHub Action tag hijack turns CI/CD runs into credential theft
GitHub Action tag hijack turns CI/CD runs into credential theft A fresh GitHub Actions supply chain incident is a good reminder that "pinned" does not mean safe...
May 19, 2026
6 min read
Lucas Oliveira
Research
Cisco Breach Shows the Real Cost of the Trivy Supply-Chain Attack
Cisco Breach Shows the Real Cost of the Trivy Supply-Chain Attack The most important lesson from the Trivy incident is that a supply-chain attack on a trusted s...
April 1, 2026
5 min read
Lucas Oliveira
Research
Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack
Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack A supply-chain compromise in Aqua Security’s aquasecurity/trivy-action sho...
March 22, 2026
4 min read
Lucas Oliveira
Research
Cline CLI 2.3.0 supply chain attack silently installed OpenClaw on developer systems
Cline CLI 2.3.0 supply chain attack silently installed OpenClaw on developer systems Executive summary The Cline CLI supply chain incident is a practical remind...
March 19, 2026
5 min read
Lucas Oliveira
Research