GitHub Blocks Pwn Request Attacks in actions/checkout

🟠 High | Source: The Hacker News

GitHub is updating its widely-used ‘actions/checkout’ action to block ‘pwn request’ attacks, where malicious code in pull requests gains full workflow privileges via the ‘pull_request_target’ trigger. Effective 18 June 2026, the new version introduces safeguards to prevent untrusted code from executing in privileged workflow contexts. This matters because successful exploitation allows attackers to exfiltrate secrets, tamper with pipelines, or compromise downstream software supply chains. ...

23 June 2025 · ZX Cloud Security
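
For auditing existing repositories, here is an added example (not from the original advisory or from GitHub): a line-based heuristic that flags the pattern described above, a workflow triggered by `pull_request_target` whose `actions/checkout` step is pointed at the pull request's head. The sample workflows and the function name are constructed for illustration.

```python
import re

# Constructed sample workflows (illustrative, not taken from the advisory).
RISKY = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""
SAFE = """\
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""

TRIGGER = re.compile(r"^\s*-?\s*pull_request_target\b|^\s*on:.*\bpull_request_target\b")
CHECKOUT = re.compile(r"^\s*-?\s*uses:\s*['\"]?actions/checkout@")
STEP_START = re.compile(r"^\s*-\s")
# Expressions that resolve to the untrusted PR head rather than the base branch.
PR_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/")

def find_pwn_request_checkouts(workflow_text):
    """Return 1-based line numbers where an actions/checkout step in a
    pull_request_target workflow references the PR head (heuristic, no YAML parser)."""
    lines = [l.split(" #")[0] for l in workflow_text.splitlines()]  # drop trailing comments
    if not any(TRIGGER.search(l) for l in lines):
        return []  # not a privileged PR trigger, nothing to flag
    hits, in_checkout = [], False
    for no, line in enumerate(lines, 1):
        if CHECKOUT.search(line):
            in_checkout = True       # entering a checkout step
        elif STEP_START.match(line):
            in_checkout = False      # any other list item ends that step
        if in_checkout and PR_REF.search(line):
            hits.append(no)
    return hits

if __name__ == "__main__":
    print("risky:", find_pwn_request_checkouts(RISKY), "safe:", find_pwn_request_checkouts(SAFE))
```

A hit is a prompt for manual review of what the job does with the checked-out code and which secrets and token permissions it has, not proof of exploitability.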
