GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges.

Effective June 18, 2026, the latest version of "actions/checkout," the official GitHub action for checking out a repository into the



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/06/github-updates-actionscheckout-to-block.html