News

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
Bleeping Computer3y

GitHub notifies owners of private repos stolen using OAuth tokens

GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI. "As of ...
PC World9y

Developers leak Slack access tokens on GitHub, putting sensitive business data at risk

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams’ internal chats and other data at risk. Slack has become ...
Bleeping Computer1y

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
CSOonline1y

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...
InfoWorld5mon

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...