actions/checkout v7 fails workflows that use pull_request_target or workflow_run with unverified fork code — a step toward “Security by Default” philosophy.
At least 15 malicious plugins in the JetBrains Marketplace were designed to steal AI API keys from developers and gain access to internal corporate services.