GitHub Action supply chain attack exposed secrets in 218 repos
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...
InfoWorld12d
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
Security Boulevard4d
Yes, GitHub’s Copilot can Leak (Real) Secrets
Researchers successfully extracted valid hard-coded secrets from Copilot and CodeWhisperer, shedding light on a novel ...
Cryptopolitan on MSN8d
Coinbase fends off targeted GitHub Action attack in early-stage breach attempt
According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...
Computer History Museum Releases Original AlexNet Code: Why It Matters
Google and the Computer History Museum release AlexNet’s original 2012 source code on GitHub, offering a rare look at a ...
InfoQ9d
How GitHub Leverages CodeQL for Security
GitHub’s Product Security Engineering team secures the code behind GitHub by developing tools like CodeQL to detect and fix ...
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed ...
Coinbase targeted after recent Github attacks
Researchers claim primary target of a recent cascading supply chain attack was Coinbase The cryptocurrency exchange was not ...
InfoWorld13d
Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.