Product
medium
advisory
Detection of Unauthorized GitHub Actions Runner Registration
3 rules 3 TTPsThe configuration of a GitHub Actions self-hosted runner using the Runner.Listener binary can indicate malicious activity aimed at establishing remote code execution via malicious GitHub workflows.
GitHub Actions Runner
github-actions
supply-chain
remote-code-execution
3r
3t
medium
advisory
Execution via GitHub Actions Runner
2 rules 8 TTPsCompromised GitHub Actions workflows allow attackers to execute arbitrary commands on self-hosted runners, leading to code execution, file manipulation, and potential data exfiltration.
GitHub Actions Runner
github-actions
supply-chain
execution
2r
8t