Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets
An alarming supply chain attack has targeted cloud development pipelines through the compromise of the popular GitHub Action codfish/semantic-release-action. Threat actors managed to hijack the repository and maliciously repointed existing mutable release tags ranging from v2 to v5. The updated tags point to a dangerous payload known as "Miasma," which actively scans runtime environments to extract high-value CI/CD secrets, cloud deployment credentials, and API access tokens. Because many engineering groups automatically pull these version tags during automated builds, the malware executes with the full permissions of the running pipeline, resulting in widespread cloud infrastructure exposure.Fixing this security breach requires teams to immediately scour all GitHub workflow configuration files (.github/workflows) and replace mutable version tags with immutable, verified Git commit SHAs for all third-party actions. Simultaneously, any secrets, private keys, or deployment tokens exposed to automated workflows using the compromised action must be assumed breached and rotated immediately.If you need expert assistance in identifying compromised packages, securing your CI/CD pipelines, or conducting an emergency supply chain audit, contact Cyberlinx today to protect your development environment.
Related Articles





