Home / Companies / Twilio / Blog / Post Details
Content Deep Dive

June 2026 Fraud Update: Securing Your Secrets and CI/CD from the Supply Chain

Blog post from Twilio

Post Details
Company
Date Published
Author
Dan Nieters, Alena Eissman, Dave Westbrook, Dave Esber, Paul Kamp
Word Count
1,285
Company Posts That Month
24
Language
English
Hacker News Points
-
Summary

In June 2026, Twilio reported on the rising trends of fraud and abuse in the tech industry, focusing on supply chain attacks primarily aimed at credential harvesting. These attacks often exploit GitHub Actions workflows to inject malware, targeting sensitive data like Twilio Auth tokens and API keys. Twilio identified specific campaigns, such as the Trivy Scanner Compromise and the Mini Shai-Hulud, which utilized tactics like CI/CD cache poisoning and OIDC token hijacking. Twilio emphasizes the importance of securing deployment workflows and access keys, recommending practices such as referencing immutable commit SHAs, limiting untrusted code execution, and enforcing cryptographic signing. Additionally, Twilio highlights the significant risk posed by ISV end-user account takeovers, often initiated through API key compromises, and advocates for a multi-layered defense strategy. To combat the challenge of "Secrets Sprawl," Twilio advises adopting secrets management tools to securely manage and rotate secrets, thereby enhancing overall enterprise security.

Trends Found in this Post

No tracked trend matches for this post yet.