In software engineering today, security breaches don’t just happen in deployed systems — they happen inside the build pipelines, dependency trees, and version control workflows that create those systems.
In September 2025, the GhostAction campaign exploited GitHub Actions workflows to exfiltrate developer secrets from thousands of repositories. Attackers compromised GitHub accounts and published malicious workflows disguised as legitimate automation tools. Once installed, these workflows quietly sent sensitive data - including API keys, DockerHub credentials, and AWS tokens - to remote servers. The breach exposed a fundamental challenge: automated build systems, when misconfigured or overprivileged, can become Trojan horses that execute malicious code under the guise of continuous integration.

A few months earlier, an attack targeted the npm ecosystem, compromising hundreds of JavaScript packages. The attackers gained control of popular maintainers’ accounts and modified packages by inserting obfuscated post-install scripts. These scripts activated automatically during package installation, harvesting credentials and even planting new malicious GitHub Actions into projects that depended on them.

Another incident, discovered in March 2025, involved a poisoned GitHub Action widely used by other projects. A legitimate-looking workflow dependency named reviewdog/action-setup was compromised, and any downstream repository that referenced it inadvertently gave attackers a way to steal build secrets. The root cause was the use of mutable version tags rather than immutable, pinned commit hashes. When the upstream action changed, every dependent project silently inherited the compromise.
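As an added example (not code from the original post or from the CONSOLE project), the following Python checker flags the mutable-tag pattern behind the reviewdog/action-setup incident: every `uses:` reference in a workflow that is not pinned to a full commit SHA. The sample workflow and the 40-character SHA in it are constructed placeholders, not real commits.

```python
import re

# Matches a "uses:" step in a GitHub Actions workflow, with or without a
# leading "- ", optional quotes, and an optional trailing "# comment".
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'#\s]+)["\']?')
# A full 40-hex-digit commit SHA is the only immutable ref form for actions.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')

def classify_ref(ref: str) -> str:
    """Return 'local', 'pinned' or 'mutable' for one uses: reference."""
    if ref.startswith('./'):
        return 'local'              # lives in this repo, nothing is fetched
    if ref.startswith('docker://'):
        # container refs are immutable only when pinned by image digest
        return 'pinned' if '@sha256:' in ref else 'mutable'
    if '@' not in ref:
        return 'mutable'            # no ref at all: resolves to default branch
    _, version = ref.rsplit('@', 1)
    return 'pinned' if SHA_RE.fullmatch(version) else 'mutable'

def unpinned_action_refs(workflow_text: str) -> list:
    """Return (line_number, reference) for every mutable uses: reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == 'mutable':
            findings.append((lineno, m.group(1)))
    return findings

# Constructed sample workflow; the SHA on the last step is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.20
      - uses: reviewdog/action-setup@0123456789abcdef0123456789abcdef01234567  # placeholder
"""

if __name__ == '__main__':
    for lineno, ref in unpinned_action_refs(SAMPLE_WORKFLOW):
        print(f'line {lineno}: {ref} is not pinned to an immutable commit SHA')
```

Run against the sample, it reports lines 7, 8 and 10; the local action and the SHA-pinned step pass. A pinned SHA still needs a review of what that commit contains, but it cannot be silently swapped upstream the way a tag can.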
What these attacks teach us is that the line between development and attack surface has blurred, and the need for tools that embed security directly into the software lifecycle has never been clearer. That’s where CONSOLE can help. The project is building a modular platform that integrates code analysis, dependency auditing, and secure CI/CD management right into the tools developers already use. Its platform brings together multiple security capabilities - static code analysis, dependency auditing, secret detection, and SBOM generation - within a unified orchestration layer that connects directly to developers’ CI/CD pipelines. Instead of forcing developers to manage a tangle of separate scanners and dashboards, CONSOLE aggregates results into a single, consistent interface, normalising severity levels and filtering duplicates to minimise noise.
The project’s ultimate goal is to make secure development the default - a workflow where vulnerabilities are caught automatically, where dependencies are verifiable and auditable, and where CI/CD systems are hardened by design rather than patched reactively. For developers, this represents a future where building secure software is no longer an extra step, but an intrinsic part of the process. The recent wave of attacks has shown that the stakes are real, but it has also shown that the right combination of automation, visibility, and secure design can make a decisive difference.