Skip to main content
See every side of every news story
Published loading...Updated

GitHub Actions Hardens Checkout Security to Block ‘Pwn Request’ Attacks

Summary by CSO Online
Stung by a surge in cyberattacks that have run amok in developer environments, GitHub has strengthened the security of actions/checkout to block ‘pwn request’ attacks that exploit insecure use of the pull_request_target workflow trigger to run an attacker’s code with the workflow’s full privileges. Announced on June 18, actions/checkout v7 now automatically blocks and fails workflows when used inside pull_request_target or workflow_run events wh…
DisclaimerThis story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.

4 Articles

Security at GitHub Actions has gained new protection with an important update in the actions/checkout, one of the most used tools in automation workflows. The change was created to prevent a technique known as Pwn Request, which can allow malicious code sent by external collaborators to be executed within environments with high permissions. With the growth of attacks against the software supply chain, IC/CD pipelines have become one of the main …

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • There is no tracked Bias information for the sources covering this story.

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Cyber Security News broke the news on Monday, June 22, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

News
Feed Dots Icon
For You
Search Icon
Search
Blindspot LogoBlindspotLocal