TechRadar

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

GhostAction attack stole 3,325 secrets from 327 GitHub accounts GitGuardian helped shut it down and alerted affected projects A separate NPM attack hit 2,000 accounts but was unrelated Thousands of ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...
Bleeping Computer

Recent GitHub supply chain attack traced to leaked SpotBugs token

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...
CSOonline

HasMySecretLeaked finds exposed secrets in the GitHub repository

Exposing hard-coded credentials and sensitive secrets through public code repositories has been a major security risk for organizations for years, with over 10 million new instances of credential ...
CSOonline

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...