Attackers exploited a script injection vulnerability via GitHub Actions to inject malicious code during the automated build process, poisoning the resulting packages of the popular Python library.