
New Video from @BlackHatOfficialYT Highlights Critical Vulnerabilities in GitHub Actions Configurations
Tags: Cybersecurity, GitHub, Vulnerabilities, CI/CD, Supply Chain Attacks, Self-Hosted Runners, Security Best Practices, Endpoint Detection and Response
In this video, security researchers Adnan Khan and John Stawinski discuss critical vulnerabilities in GitHub Actions configurations, particularly those involving self-hosted runners attached to public repositories. They open with a revealing anecdote: a vulnerability discovered in the public repository of one of the largest chip manufacturers in the United States, which could have allowed an attacker to gain enterprise administrator privileges on the company's GitHub Enterprise Cloud tenant. With that level of access, an attacker could have exposed some of the company's most sensitive intellectual property or even deleted its GitHub organizations entirely.
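The misconfiguration at the heart of the anecdote is a workflow that lets code from an outside contributor run on a self-hosted runner. The audit below is an added example written for this article, not a tool from the video or from the researchers: it parses GitHub Actions workflow YAML and flags any job whose `runs-on` labels are not GitHub-hosted while the workflow is reachable from a fork or from an issue comment. The two workflows it checks are constructed samples; the hosted-runner label pattern and the list of fork-reachable triggers are assumptions of this example, not an official GitHub list. It uses only Ruby's standard library.

```ruby
require 'yaml'

# Labels GitHub uses for its own hosted runners (assumed pattern for this example).
# Anything that does not match is treated as self-hosted; `${{ ... }}` expressions
# cannot be resolved statically and are therefore flagged for manual review.
HOSTED_RUNNER_PATTERN = /\A(ubuntu|windows|macos)-/i

# Triggers that an untrusted party can fire against a public repository:
# a fork's pull request, or (for issue_comment) anyone who can leave a comment.
FORK_REACHABLE_TRIGGERS = %w[pull_request pull_request_target issue_comment].freeze

# Return the trigger names whatever shape the `on:` block takes.
# Caveat: YAML 1.1 parsers such as Psych read the bare key `on` as the boolean true,
# so the block is looked up under `true` first and under the string 'on' second.
def triggers_of(workflow)
  on = workflow.fetch(true) { workflow.fetch('on', nil) }
  case on
  when String then [on]
  when Array  then on.map(&:to_s)
  when Hash   then on.keys.map(&:to_s)
  else []
  end
end

# Normalise `runs-on` (string, list, or `{ group:, labels: }` mapping) to a label list.
def runner_labels(job)
  runs_on = job['runs-on']
  case runs_on
  when String then [runs_on]
  when Array  then runs_on.map(&:to_s)
  when Hash   then Array(runs_on['labels']).map(&:to_s)
  else []
  end
end

def self_hosted?(labels)
  return false if labels.empty?
  labels.none? { |label| label.match?(HOSTED_RUNNER_PATTERN) }
end

# One finding per job that puts a self-hosted runner within reach of an outsider.
def audit_workflow(yaml_text, name: 'workflow.yml')
  workflow = YAML.safe_load(yaml_text)
  exposed = triggers_of(workflow) & FORK_REACHABLE_TRIGGERS
  return [] if exposed.empty?

  (workflow['jobs'] || {}).filter_map do |job_name, job|
    labels = runner_labels(job)
    next unless self_hosted?(labels)
    { workflow: name, job: job_name, triggers: exposed, labels: labels }
  end
end

# Constructed sample: fork PRs land on a self-hosted runner (the weak setting).
VULNERABLE_WORKFLOW = <<~YAML
  name: ci
  on:
    pull_request:
      branches: [main]
  jobs:
    build:
      runs-on: [self-hosted, linux, x64]
      steps:
        - uses: actions/checkout@v4
        - run: make test
YAML

# Constructed sample: same trigger, but on a GitHub-hosted runner.
HARDENED_WORKFLOW = <<~YAML
  name: ci
  on:
    pull_request:
      branches: [main]
  jobs:
    build:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v4
        - run: make test
YAML

if $PROGRAM_NAME == __FILE__
  audit_workflow(VULNERABLE_WORKFLOW, name: 'vulnerable.yml').each do |f|
    puts "#{f[:workflow]}: job '#{f[:job]}' runs on #{f[:labels].join(',')} " \
         "and is reachable via #{f[:triggers].join(',')}"
  end
end
```

Run it against every file under `.github/workflows/` in a public repository; a finding means either the job should move to a GitHub-hosted runner, or the self-hosted runner must be made ephemeral and fork workflows must require approval for every outside collaborator rather than only first-time contributors.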