The compromise of the xygeni-action represents a CI/CD supply chain attack in which a threat actor leveraged tag poisoning to distribute a backdoored GitHub Action at scale. The attacker first gained access to the repository via compromised maintainer credentials and a GitHub App token, enabling them to create malicious pull requests containing an obfuscated payload. Although these PRs were not merged due to branch protections, the attacker bypassed this control by force-moving the mutable v5 tag to reference a malicious, unmerged commit.
Because most workflows referenced the action using @v5, this change caused downstream CI/CD pipelines to automatically execute the malicious code without any visible modification to workflow definitions. The injected payload introduced a covert reverse shell implant into the CI runner environment, masquerading as a benign telemetry step within the action configuration. Once executed, the implant established outbound communication with a command-and-control (C2) server and enabled remote command execution within the CI job context.
The backdoor operated silently alongside legitimate pipeline execution, allowing the attacker to harvest secrets (e.g., tokens, environment variables), access source code, and manipulate build artifacts during the runtime window.