June 2026 Fraud Update: Securing Your Secrets and CI/CD from the Supply Chain
Blog post from Twilio
In June 2026, Twilio reported on the rising trend of fraud and abuse in the tech industry, focusing on supply chain attacks aimed primarily at credential harvesting. These attacks often exploit GitHub Actions workflows to inject malware that targets sensitive data such as Twilio Auth Tokens and API keys. Twilio identified specific campaigns, such as the Trivy Scanner Compromise and the Mini Shai-Hulud, which used tactics including CI/CD cache poisoning and OIDC token hijacking. Twilio emphasizes the importance of securing deployment workflows and access keys, recommending practices such as referencing immutable commit SHAs rather than mutable tags or branches, limiting the execution of untrusted code in CI, and enforcing cryptographic signing. Additionally, Twilio highlights the significant risk posed by ISV end-user account takeovers, which are often initiated through API key compromises, and advocates a multi-layered defense strategy. To counter "Secrets Sprawl," Twilio advises adopting secrets management tools to store and rotate secrets securely, thereby improving overall enterprise security.
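The recommendation to reference immutable commit SHAs is easy to state and easy to regress on, so a small pre-merge check that flags mutable `uses:` references in workflow files is a practical control. The script below is an added example written for this summary; it is not code from Twilio or from the post it summarizes. The workflow text, the action names and the commit SHA in it are constructed sample input, and the `find_unpinned` / `parse_uses` / `is_immutable_ref` names are the example's own.

```python
import re

# Constructed sample workflow (not from the Twilio post). One step is pinned
# to a full commit SHA; two reference a mutable tag or branch that an attacker
# who compromises the upstream repository could silently repoint.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: actions/setup-node@v4
      - uses: example-org/scanner-action@main
      - run: npm ci && npm test
"""

# Matches a `uses:` step line and captures the reference up to whitespace or a
# trailing comment (the "# v4.1.1" convention used to document a pinned SHA).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A full 40-hex-digit git object id; abbreviated SHAs are not accepted because
# they can become ambiguous and are not what GitHub resolves immutably.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(value):
    """Split a `uses:` value into (action, ref).

    Local actions ("./path") and Docker images ("docker://...") carry no git
    ref and are returned with ref=None; they need a different control
    (repository review or image digests) and are out of scope here.
    """
    value = value.strip("'\"")
    if value.startswith("./") or value.startswith("docker://"):
        return value, None
    action, _, ref = value.partition("@")
    return action, ref or None


def is_immutable_ref(ref):
    """True only for a full commit SHA; tags and branches are mutable."""
    return ref is not None and FULL_SHA_RE.match(ref) is not None


def find_unpinned(workflow_text):
    """Return (line_number, action, ref) for every mutable action reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = parse_uses(m.group(1))
        if ref is None:
            continue
        if not is_immutable_ref(ref):
            findings.append((lineno, action, ref))
    return findings


if __name__ == "__main__":
    for lineno, action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} is not pinned to a commit SHA")
```

Pinning by SHA removes the "retag" path but not the risk of a compromised commit being pinned in the first place, so the check belongs alongside review of what each pinned commit contains, least-privilege `permissions:` blocks like the one in the sample, and the signing controls the post recommends.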