A significant vulnerability in GitHub’s CodeQL actions could have permitted attackers to execute malicious code across hundreds of thousands of repositories. The vulnerability, assigned CVE-2025-24362, originated from a publicly exposed GitHub token in workflow artifacts that created a small but exploitable window of opportunity. The vulnerability was discovered in January 2025 by a security researcher […]
The post CodeQLEAKED – GitHub Supply Chain Attack Allows Code Execution Using CodeQL Repositories appeared first on Cyber Security News.