CodeQLEAKED – GitHub Supply Chain Attack Allows Code Execution Using CodeQL Repositories

A significant vulnerability in GitHub’s CodeQL actions could have permitted attackers to execute malicious code across hundreds of thousands of repositories. The vulnerability, assigned CVE-2025-24362, originated from a publicly exposed GitHub token in workflow artifacts that created a small but exploitable window of opportunity. The vulnerability was discovered in January 2025 by a security researcher […]

The post CodeQLEAKED – GitHub Supply Chain Attack Allows Code Execution Using CodeQL Repositories appeared first on Cyber Security News.

This article has been indexed from Cyber Security News
