The Tag Trap: How a Single Commit Swap Turned Xygeni’s GitHub Action into a Clandestine Backdoor
An imperceptible edit to a single tag transformed a ubiquitous security auditing instrument into a clandestine backdoor. A malefactor compromised the official Xygeni GitHub Action, implanting a fully functional remote command shell capable of...
