by cyberax
270 days ago
Universal OIDC tokens would slow down the lateral expansion and make it more difficult. You won't be able to exfiltrate a token that allows you to publish an NPM package outside of a workflow; the infection has to happen during a build on GH.