SANS Stormcast Wednesday, May 20th, 2026: Assume Supply Chain Compromise; GitHub Action Compromise;
Show notes
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994
https://slsa.dev/spec/v0.1/levels
Github Action Compromise
https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials
How Storm-2949 turned a compromised identity into a cloud-wide breach
https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/
← Previous
SANS Stormcast Tuesday, May 19th, 2026: New libssh in Malware; Exchange 0-Day; MSFT Authenticator Update
Next →
SANS Stormcast Thursday, May 21st, 2026: GitHub Breach; Agentic Threat Intel Feed; NGINX Vuln; YellowKey Fix; Incomplete SonicWall Patch