Industry Newsgithub actionsci cdsupply chainrce
Autonomous Bot Exploits GitHub Actions Workflows
|
9.1
An autonomous AI account, hackerbot-claw, ran a week-long campaign from Feb 21–28, 2026 exploiting GitHub Actions misconfigurations to gain RCE and full repository compromise in projects including Microsoft, DataDog, and Aqua Security. The bot abused pull_request_target workflows, shell interpolation, and poisoned CLAUDE.md files to exfiltrate a Personal Access Token and push malicious commits. Vendors revoked credentials and patched workflows, highlighting CI/CD supply-chain risks.
Scoring Rationale
Major operational impact demonstrated across core projects, offset slightly by reliance on reporter and security vendor disclosures.
Practice with real Retail & eCommerce data
90 SQL & Python problems · 15 industry datasets
Used by DS/ML engineers at top companies
250 free problems · No credit card
See all Retail & eCommerce problems
