Malicious npm package sneaks into GitHub Actions builds

InfoWorld
Nov 12, 2025, 7:00 am85 pts
A malicious npm package named “@acitons/artifact” was found impersonating the legitimate “@actions/artifact” module, directly targeting the CI/CD pipelines within GitHub Actions workflows. According to Veracode findings, the package was uploaded on November 7 and was designed to trigger during the build…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on Tech News Tube

Amazon is reportedly ready to drop its USPS deal if negotiations fall through

The Verge

Amazon is reportedly ready to drop its USPS deal if negotiations fall through 130

Microsoft quietly patches LNK vulnerability that's been weaponized for years

TechRadar

Microsoft quietly patches LNK vulnerability that's been weaponized for years 129

Tech Forum 2026: Quanta races ahead to lead high-end AI servers in 2026

Digitimes

Tech Forum 2026: Quanta races ahead to lead high-end AI servers in 2026 128

EU Hits Meta With Antitrust Probe Over Plans To Block AI Rivals From WhatsApp

Slashdot

EU Hits Meta With Antitrust Probe Over Plans To Block AI Rivals From WhatsApp 124

Micron to exit consumer business as AI reshapes global memory demand

Digitimes

Micron to exit consumer business as AI reshapes global memory demand 121

Microsoft 'Mitigates' Windows LNK Flaw Exploited As Zero-Day

Slashdot

Microsoft 'Mitigates' Windows LNK Flaw Exploited As Zero-Day 116

Tech Forum 2026: Quanta warns power shortages may stall next server growth wave

Digitimes

Tech Forum 2026: Quanta warns power shortages may stall next server growth wave 115

Nvidia's Jetson Thor platform drives edge-AI surge as Edom eyes medical assistive devices as mainstream applications

Digitimes

Nvidia's Jetson Thor platform drives edge-AI surge as Edom eyes medical assistive devices as mainstream applications 109

About Tech News Tube

Tech News Tube is a real time news feed of the latest technology news headlines.

Follow all of the top tech sites in one place, on the web or your mobile device.

Featured

Over 70 US banks and credit unions…

Over 70 US banks and credit unions affected by Marquis ransomware breach -…

Amazon’s new Kindle Scribe and Kindle…

Amazon’s new Kindle Scribe and Kindle Scribe Colorsoft launch on December 10

Microsoft quietly shuts down Windows…

Microsoft quietly shuts down Windows shortcut flaw after years of espionage…

EU investigating Meta over policy change that bans rival AI chatbots from…

Our highest-rated Xbox controller is…

Our highest-rated Xbox controller is still available for 20% off, and it's got…

Tech Forum 2026: GW-level AI data…

Tech Forum 2026: GW-level AI data centers become new norm as Taiwan supply chain…

The Abandons review: New Netflix western…

The Abandons review: New Netflix western is no Yellowstone, but Gillian Anderson…

NVIDIA CEO Jensen Huang commends…

NVIDIA CEO Jensen Huang commends Tesla’s Elon Musk for early belief

Tech Forum 2026: Telecoms pull back on…

Tech Forum 2026: Telecoms pull back on 5G as agentic AI sparks new momentum for…

Samsung reportedly wins majority of…

Samsung reportedly wins majority of Nvidia's 2026 SOCAMM2 supply