A security researcher exploited the 'pwn request' vulnerability in a Stripe repository, merging unauthorized commits and exfiltrating a GitHub token. The breach highlights the dangers of insecure GitHub Actions workflows and underscores the need for strict workflow safeguards, token restrictions, and branch protection policies to secure CI/CD pipelines.
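The following is an added example, not code from the original page or from Stripe's repository: a small audit that flags the workflow shape usually meant by "pwn request" (a `pull_request_target` trigger combined with a checkout of the pull request's head) and two of the safeguards the summary calls for. The two workflow texts are constructed samples, the page does not show the affected workflow, and `audit_workflow` is a hypothetical helper name.

```python
import re

# Constructed sample: the classic "pwn request" shape (not Stripe's workflow).
RISKY = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""
# Constructed sample: same job on the unprivileged trigger with a read-only token.
HARDENED = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - run: make test
"""

HEAD_REF = re.compile(r"ref:.*github\.(event\.pull_request\.head\.(sha|ref)|head_ref)")

def audit_workflow(text):
    """Line-based heuristic over workflow YAML text; returns a list of findings."""
    lines = [re.sub(r"(^|\s)#.*", "", l) for l in text.splitlines()]
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []  # only the privileged trigger is in scope for this check
    findings = ["privileged trigger: pull_request_target"]
    if any(HEAD_REF.search(l) for l in lines):
        findings.append("checks out PR head code in a privileged run")
    if not any(l.startswith("permissions:") for l in lines):
        findings.append("no top-level permissions block; token scope left to defaults")
    if not any(re.search(r"persist-credentials:\s*false", l) for l in lines):
        findings.append("checkout does not set persist-credentials: false")
    return findings

if __name__ == "__main__":
    print(audit_workflow(RISKY), audit_workflow(HARDENED))
```

Because it matches lines rather than parsing YAML, treat a clean result as a first pass and review any `pull_request_target` workflow by hand.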