Recent GitHub supply chain attack traced to leaked SpotBugs token
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...
GitHub expands security tools after 39 million secrets leaked in 2024
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations ...
Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot
Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing’s caching mechanism, the company ...
InfoQ12d
How GitHub Leverages CodeQL for Security
GitHub’s Product Security Engineering team secures the code behind GitHub by developing tools like CodeQL to detect and fix ...
SecurityWeek12d
Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
InfoWorld15d
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
The Hacker News11d
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
CVE-2025-30066 supply chain attack compromised tj-actions on March 14, 2025, exposing 218 repositories and leaking credentials.
GIGAZINE1mon
It was pointed out that repositories that were supposed to be private on GitHub were made public through Microsoft's AI assistant 'Copilot'
Mar 03, 2025 11:45:00 It was pointed out that repositories that were supposed to be private on GitHub were made public through Microsoft's AI assistant 'Copilot' The software development platform ...