Xygeni Github Documentation and examples for xygeni extensions: third party report ingest, custom detectors, activity sensors, guardrail and workflow actions. xygeni: stop attacks to the software supply chain ! xygeni. Detect and secure vulnerabilities in code created by ai assistants and development teams. you build at ai speed; xygeni keeps pace with comprehensive, end to end appsec coverage.
Xygeni Sensor Github Marketplace Github Xygeni, which sells a number of ai powered appsec products, said in a march 10 security incident report that it "detected suspicious activity affecting the repository used to publish the. On march 3, 2026, an attacker with access to maintainer accounts and a github app token injected a full command and control (c2) reverse shell into xygeni xygeni action, the official github action published by xygeni. On march 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. the prs were blocked by branch protection rules and never merged into the main branch. On march 3, 2026, xygeni's official github action was compromised: attackers used stolen maintainer credentials to inject a full c2 reverse shell backdoor and silently moved the mutable v5 tag to a malicious commit, putting over 137 repositories at risk.
Xygeni Sensor Github Marketplace Github On march 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. the prs were blocked by branch protection rules and never merged into the main branch. On march 3, 2026, xygeni's official github action was compromised: attackers used stolen maintainer credentials to inject a full c2 reverse shell backdoor and silently moved the mutable v5 tag to a malicious commit, putting over 137 repositories at risk. While branch protection rules successfully blocked these prs from the main branch, the attacker exploited compromised github app credentials to perform a “tag poisoning” maneuver. Brian revisits the trivy story by zooming out to the bigger hackerbot claw github actions campaign, then gets into the xygeni tag poisoning compromise, github’s search high availability rebuild for github enterprise server, windows server 2025 surfacing duplicate sid problems in cloned images, and the agent skills ecosystem replaying package supply chain history. plus: a quick lightning. It's a reminder that organization's attack surface is ever more complex, and, if your organization is using github action, maybe you should check if you have proper controls in place to avoid the. The xygeni github action compromise highlights the escalating threat of supply chain attacks targeting ci cd pipelines. as organizations increasingly rely on automated workflows, ensuring the integrity of these processes is paramount to prevent unauthorized access and potential data breaches.
Home Xygeni Software Supply Chain Security While branch protection rules successfully blocked these prs from the main branch, the attacker exploited compromised github app credentials to perform a “tag poisoning” maneuver. Brian revisits the trivy story by zooming out to the bigger hackerbot claw github actions campaign, then gets into the xygeni tag poisoning compromise, github’s search high availability rebuild for github enterprise server, windows server 2025 surfacing duplicate sid problems in cloned images, and the agent skills ecosystem replaying package supply chain history. plus: a quick lightning. It's a reminder that organization's attack surface is ever more complex, and, if your organization is using github action, maybe you should check if you have proper controls in place to avoid the. The xygeni github action compromise highlights the escalating threat of supply chain attacks targeting ci cd pipelines. as organizations increasingly rely on automated workflows, ensuring the integrity of these processes is paramount to prevent unauthorized access and potential data breaches.
Home Xygeni Software Supply Chain Security It's a reminder that organization's attack surface is ever more complex, and, if your organization is using github action, maybe you should check if you have proper controls in place to avoid the. The xygeni github action compromise highlights the escalating threat of supply chain attacks targeting ci cd pipelines. as organizations increasingly rely on automated workflows, ensuring the integrity of these processes is paramount to prevent unauthorized access and potential data breaches.
Xygeni Security Secure Your Software Development And Delivery
Comments are closed.