Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows into thousands of public repositories. A large-scale automated GitHub ...