Simulated Digital Cyber Attack

A GitHub Personal Access Token posted in Slack. Left exposed since July 2024. That's all it took to compromise an entire software build pipeline and gain the ability to poison every artifact the organization shipped.

Abstract visualization of GitHub token exposure in Slack leading to software supply chain compromise

The one where a slack message became a supply chain backdoor

A GitHub Personal Access Token posted in Slack. Left exposed since July 2024. That's all it took to compromise an…