Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far
varunsharma07
12 points
3 comments
March 01, 2026
Discussion Highlights (2 comments)
varunsharma07
We analyzed an autonomous bot (hackerbot-claw) that's actively scanning GitHub repos for exploitable Actions workflows. It hit Microsoft, DataDog, a CNCF project, and awesome-go (140k stars), achieving RCE in 4 out of 5 targets and exfiltrating a GITHUB_TOKEN. Full breakdown of the 5 attack techniques with evidence.
aperi
safe to say the root cause is bad PRs (untrusted)?