From Fork to RCE: Deconstructing the Orca Security GitHub Actions ExploitFollowing the attacker's path, from creating a malicious fork to exfiltrating API keys and pushing code to protected branches.
A step-by-step breakdown of the 'Pull Request Nightmare' exploit. See how attackers leverage `pull_request_target` to achieve RCE and steal secrets.