GitHub Actions – Page 2 – Experimental News Clipping Site

Hacker News: Show HN: Formal Verification for Machine Learning Models Using Lean 4

Mar 23, 2025

—

by

Source URL: https://github.com/fraware/leanverifier Source: Hacker News Title: Show HN: Formal Verification for Machine Learning Models Using Lean 4 Feedly Summary: Comments AI Summary and Description: Yes Summary: The project focuses on the formal verification of machine learning models using the Lean 4 framework, targeting aspects like robustness, fairness, and interpretability. This framework is particularly relevant…

Schneier on Security: Critical GitHub Attack

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/03/critical-github-attack.html Source: Schneier on Security Title: Critical GitHub Attack Feedly Summary: This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an…

Hacker News: The Pain That Is GitHub Actions

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.feldera.com/blog/the-pain-that-is-github-actions Source: Hacker News Title: The Pain That Is GitHub Actions Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides an in-depth account of the author’s experiences with configuring CI scripts in GitHub Actions after multiple attempts, illustrating the complexities and potential security issues inherent in CI models. Key insights…

Unit 42: Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files

Mar 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/ Source: Unit 42 Title: Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files Feedly Summary: A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. The post Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files appeared first…

Alerts: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

Mar 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066 Source: Alerts Title: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 Feedly Summary: A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including,…

The Register: Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos

Mar 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/18/wiz_github_supply_chain/ Source: The Register Title: Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos Feedly Summary: Ad giant’s cloudy arm to pay $30B in security shop deal Wiz security researchers think they’ve found the root cause of the GitHub supply chain attack that unfolded over the weekend, and…

Hacker News: Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos

Mar 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Source: Hacker News Title: Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos Feedly Summary: Comments AI Summary and Description: Yes Summary: A critical security incident has been identified involving the tj-actions/changed-files GitHub Action, which has been compromised to leak sensitive CI/CD secrets. This incident underscores the urgency for security and…

Simon Willison’s Weblog: Here’s how I use LLMs to help me write code

Mar 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Mar/11/using-llms-for-code/ Source: Simon Willison’s Weblog Title: Here’s how I use LLMs to help me write code Feedly Summary: Online discussions about using Large Language Models to help write code inevitably produce comments from developers who’s experiences have been disappointing. They often ask what they’re doing wrong – how come some people are reporting…

Simon Willison’s Weblog: Cutting-edge web scraping techniques at NICAR

Mar 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Mar/8/cutting-edge-web-scraping/#atom-everything Source: Simon Willison’s Weblog Title: Cutting-edge web scraping techniques at NICAR Feedly Summary: Cutting-edge web scraping techniques at NICAR Here’s the handout for a workshop I presented this morning at NICAR 2025 on web scraping, focusing on lesser know tips and tricks that became possible only with recent developments in LLMs. For…

Anchore: Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration

Feb 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/effortless-sbom-analysis-how-anchore-enterprise-simplifies-integration/ Source: Anchore Title: Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration Feedly Summary: As software supply chain security becomes a top priority, organizations are turning to Software Bill of Materials (SBOM) generation and analysis to gain visibility into the composition of their software and supply chain dependencies in order to reduce risk.…

Tag: GitHub Actions