
Xygeni GitHub Action Compromised via Tag Poisoning
Attackers compromised the GitHub Action xygeni/xygeni-action, maintained by application security vendor Xygeni, using a technique known as tag poisoning. During the compromise, the threat actors operated an active command-and-control (C2) implant for up to a week. The attack targeted the action's GitHub repository; the report gave no specific dates for the compromise window. It also disclosed no CVE IDs and no additional technical details about the implant. The impact included potential unauthorized access or malicious code execution via the compromised GitHub Action.
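
A defender's check for repositories that consume this action, as an added example that is not from the original report or from Xygeni: it flags workflow `uses:` references that follow a movable tag or branch rather than a full commit SHA, on the assumption that tag poisoning here means a tag being re-pointed at a different commit. The sample workflow, its tag name and its SHA are constructed.

```python
import re

# `uses: owner/repo[/subpath]@ref`; local (./x) and docker:// references do not match.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?([\w.-]+/[\w.-]+)(?:/[^@\s'"]*)?@([^\s'"#]+)"""
)
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")

# Constructed sample workflow: the tag name and the commit SHA are made up.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - name: Scan
        uses: xygeni/xygeni-action@v0.0.0-example
      - uses: ./local-action
"""

def audit_workflow(text, watch=("xygeni/xygeni-action",)):
    """Classify every third-party action reference in one workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m is None:
            continue
        action, ref = m.group(1).lower(), m.group(2)
        findings.append({
            "line": lineno,
            "action": action,
            "ref": ref,
            # Only a full 40-hex commit SHA is immutable; tags and branches can move.
            "pinned": FULL_SHA_RE.fullmatch(ref) is not None,
            "watched": action in watch,
        })
    return findings

def mutable_refs(findings):
    """References that would silently pick up a re-pointed tag or branch."""
    return [f for f in findings if not f["pinned"]]

if __name__ == "__main__":
    for f in mutable_refs(audit_workflow(SAMPLE_WORKFLOW)):
        flag = "WATCHED" if f["watched"] else "unpinned"
        print(f"line {f['line']}: {f['action']}@{f['ref']} [{flag}]")
```

A SHA-pinned reference still depends on the pinned commit having been reviewed; the check only shows which references would follow a moved tag.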