Defense Evasion > One Supply Chain Attack to Rule Them All – Poisoning GitHub's Runner Images

A critical vulnerability in GitHub Actions, involving a misconfigured self-hosted runner in the actions/runner-images repository, allowed potential compromise of all GitHub and Azure hosted runner images.