India, April 22 -- Tenable Research has identified a critical vulnerability (CVSSv4 9.3) in a Microsoft GitHub repository that allowed for Remote Code Execution (RCE) and unauthorized access to repository secrets. This disclosure highlights that CI/CD infrastructure is a critical part of a modern attack surface.
The discovery involves a vulnerable GitHub workflow (an automation script that runs one or more jobs using GitHub Actions) within the Windows-driver-samples repository. This repository, which has been forked 5,000 times and has 7,700 stars, represents a significant point of interaction for developers. Tenable researchers demonstrated how the repository's CI/CD infrastructure could be exploited to compromise the software supply...