Technology ❯ Software Development ❯ Package Management ❯ npm
Attackers hijacked GitHub Actions using OIDC tokens to ship signed releases that stole developer and cloud secrets.