Security Unlocked

SLSA

Threat Intelligence

The Registry Trusted the Token

GitHub OIDC trusted publishing solved the stored-credential problem and created a new attack surface in the same motion: three independent actors exploited it in a single week, producing malicious packages carrying valid provenance attestations.