A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally target ...

That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than ...

Discover how supply chain attacks target crypto projects through third-party tools, and learn key strategies to protect code, infrastructure and users.

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...

GitHub supply chain attack GitHub Action' tj-actions/changed-files' was compromised by attackers who added a malicious commit on March 14, 2025, to dump CI/CD secrets from the Runner Worker ...

Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...

A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen. GitAub Actions is a CI/CD platform that automates code testing and deployment.

Ultimately this is a low-cost high-impact attack. Having the ability to ... to thousands of users and organizations down the supply chain. GitHub does take action against impersonation accounts ...