The popular GitHub Actions actions-cool/issues-helper and actions-cool/maintain-one-comment have been compromised through a supply-chain attack: all existing tags in the repositories were retargeted to malicious commits that extract credentials from CI/CD pipelines and send them to an attacker-controlled server. Any GitHub Actions workflow that references these actions by version (tag) will, on its next run, download the malicious code. The only effective protection is pinning to the full SHA hash of a known-safe commit.
Attack mechanism: imposter commits
According to researcher Varun Sharma from StepSecurity, the attack was carried out using the imposter commits technique — a supply-chain compromise method in which malicious code is injected by referencing a commit or tag that exists only in an attacker-controlled fork, rather than in the original trusted repository. This approach makes it possible to bypass standard Pull Request checks and achieve arbitrary code execution.
As StepSecurity reports, every existing tag in the actions-cool/issues-helper repository was moved to point to an imposter commit that does not appear in the action’s normal commit history. This means the malicious code remains invisible during a standard review of the repository’s history.
Malicious code execution chain
When run in a GitHub Actions Runner environment, the malicious commit performs the following sequence of actions:
- Downloads the Bun JavaScript runtime onto the runner
- Reads the memory of the Runner.Worker process to extract credentials
- Makes an outbound HTTPS request to a domain controlled by the attacker to exfiltrate the stolen data
Reading the memory of the Runner.Worker process is a particularly dangerous vector, since this process contains secrets, access tokens, and other credentials used in the CI/CD pipeline. Compromise of this data can give attackers access to repositories, cloud environments, and other resources tied to the workflows.
Scope of compromise
According to researchers, in addition to actions-cool/issues-helper, 15 tags of the second GitHub Action — actions-cool/maintain-one-comment — have also been compromised with similar functionality. GitHub has blocked access to the repository actions-cool/maintain-one-comment, citing a violation of the platform’s terms of use. The specific reasons for this decision have not been disclosed.
Since all tags now point to malicious commits, every workflow that references these actions by version — for example, using constructs such as actions-cool/issues-helper@v3 or actions-cool/issues-helper@latest — is at risk. On its next run, such a workflow will automatically download and execute the malicious code.
Indicators of compromise
The data exfiltration domain observed during analysis:
- t.m-kosche[.]com — the domain to which the stolen credentials are sent
Organizations are advised to check their network logs for any connections to this domain from the CI/CD environment.
Impact assessment
This attack poses a high level of risk for organizations using the affected GitHub Actions in their CI/CD pipelines. Compromise of runner credentials can trigger cascading consequences: unauthorized access to private repositories, cloud infrastructure, container registries, and other resources whose secrets are passed through GitHub Actions.
Open-source projects and organizations that do not pin dependencies to specific commit SHA hashes are especially vulnerable. The widespread adoption of GitHub Actions as an automation platform gives such supply-chain attacks a potentially very wide reach.
Response recommendations
- Immediately stop using actions-cool/issues-helper and actions-cool/maintain-one-comment in all workflows
- Audit CI/CD runner logs for outbound connections to the domain t.m-kosche[.]com
- Rotate all secrets that were accessible in workflows using the compromised actions: GitHub tokens, API keys, and cloud provider credentials
- Switch to pinning full commit SHA hashes for all third-party GitHub Actions instead of referencing tags or branches — this is the only reliable way to defend against such attacks
- Implement network activity monitoring on runners to detect anomalous outbound connections from the CI/CD environment
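As an added example (not part of the advisory or of StepSecurity's tooling), the following Python script applies the audit recommendations above to workflow files: it flags every step that still uses one of the two compromised actions, and every third-party action referenced by a tag or branch instead of a full commit SHA. The sample workflow and its 40-hex SHA are constructed placeholders.

```python
import re
import sys
from pathlib import Path
from typing import NamedTuple

# The two actions named as compromised in the advisory (owner/repo is case-insensitive on GitHub).
COMPROMISED_ACTIONS = {"actions-cool/issues-helper", "actions-cool/maintain-one-comment"}
# `uses: owner/repo[/subdir]@ref`; docker:// and local ./ references carry no @ref and are skipped.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(/[^@'\"\s]+)?@([^'\"\s#]+)", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

class Finding(NamedTuple):
    action: str
    ref: str
    severity: str  # "critical": compromised action; "warning": mutable tag/branch reference

def audit_workflow(text: str) -> list[Finding]:
    """One Finding per `uses:` step that is a compromised action or is not pinned to a full SHA."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1).lower(), m.group(3)
        if action in COMPROMISED_ACTIONS:
            # Flagged even when SHA-pinned: the tags were retargeted, so any SHA must first be checked against upstream history.
            findings.append(Finding(action, ref, "critical"))
        elif not FULL_SHA_RE.match(ref):
            findings.append(Finding(action, ref, "warning"))
    return findings

def audit_repo(root: str) -> dict[str, list[Finding]]:
    """Audit every workflow file under <root>/.github/workflows, keyed by file path."""
    files = sorted(Path(root, ".github", "workflows").glob("*.y*ml"))
    return {str(p): audit_workflow(p.read_text(encoding="utf-8")) for p in files}

# Constructed sample workflow; the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  triage:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: actions-cool/issues-helper@v3
      - name: Keep a single status comment
        uses: "actions-cool/maintain-one-comment@v3.1.1"
      - uses: actions/setup-node@v4
      - uses: docker://alpine:3.20
"""
if __name__ == "__main__":
    results = audit_repo(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": audit_workflow(SAMPLE_WORKFLOW)}
    for path, findings in results.items():
        for f in findings:
            print(f"{path}: [{f.severity}] {f.action}@{f.ref}")
```

Run it with a repository root as the first argument to scan that repository's workflows; without arguments it audits the embedded sample.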
This incident clearly demonstrates a fundamental problem in the GitHub Actions trust model: mutable tags do not guarantee code integrity. Every organization using third-party GitHub Actions should audit its workflows and change all external action references from tags to full commit SHA hashes. For those already affected, the top priority is the immediate rotation of all secrets that may have been accessible to compromised runners.