THREATOPS
THREAT OPSThreat News › Bringing full YAML anchor support to zizmor

Bringing full YAML anchor support to zizmor

lowtrailofbitsPublished 2026-05-22

<p>In March 2026, attackers exploited a <code>pull_request_target</code> misconfiguration in the <a href="https://github.com/aquasecurity/trivy-action"><code>aquasecurity/trivy-action</code></a> GitHub Action to exfiltrate organization and repository secrets, then used those credentials to backdoor <a href="https://github.com/BerriAI/litellm">LiteLLM</a> on PyPI (see <a href="https://github.com/aq

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://blog.trailofbits.com/2026/05/22/we-hardened-zizmors-github-actions-static-analyzer/