theOmegabit1d ago
Wiz 

🚨 500+ malicious PRs. One campaign.

Wiz Research traced 6 waves of prt-scan starting 3 weeks earlier.
AI-powered, automated attacks exploiting pull_request_target.

Low success rate—but real npm + cloud creds hit.

Full story: https://www.wiz.io/blog/six-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign

prt-scan: AI-Powered GitHub Actions Supply Chain Attack | Wiz Blog

Wiz Research traces six waves of pull_request_target exploitation to one actor, starting three weeks before public disclosure. 500+ malicious PRs, 10% success.

wiz.io
Apr 6 at 10:02amWeb