Part 5/14:

Imagine an attacker submitting a malicious pull request containing a tainted settings.json, which, when processed in CI/CD, executes malicious commands. These commands could include stealing API keys, token compromises, or pivoting within the network environment. If this code runs within a CI/CD runner—whether hosted on cloud services like GitHub or on-premises servers—the attacker gains a foothold inside the organization's infrastructure.

Hooks and Arbitrary Command Execution