GitHub supply chain attack spills secrets from 23,000 projects
StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking ...
InfoWorld10d
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed ...
Security Boulevard3d
CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
A potential supply chain attack on GitHub CodeQL started simply: a publicly exposed secret, valid for 1.022 seconds at a time. In that second, an attacker could take a series of steps that would allow ...
The Hacker News12d
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent ...
GovInfoSecurity13d
Supply Chain Attack Targets GitHub Repositories and Secrets
Attackers subverted a widely used tool for software development environment GitHub, potentially allowing them to steal ...
Zed Editor Integrates Native Git Support, Enhancing Developer Workflow
Zed, the modern code editor developed by Zed Industries, has introduced native Git integration starting from version 0.177, ...
GovInfoSecurity12d
Second GitHub Actions Supply Chain Attack Discovered
Just days after researchers discovered an attack that subverted a widely used tool for software development platform GitHub, they discovered a second, prior attack, ...