The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the ...

StepSecurity, a company specializing in security for CI/CD (Continuous Integration/Continuous Delivery) pipelines, has discovered an attack on the open source tool tj ...

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...

Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. An analysis of build ...

GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...

GhostAction attack stole 3,325 secrets from 327 GitHub accounts GitGuardian helped shut it down and alerted affected projects A separate NPM attack hit 2,000 accounts but was unrelated Thousands of ...

Bitwarden’s command-line interface package was briefly poisoned through npm after attackers abused a GitHub Actions workflow in its software release pipeline, turning a trusted password-management ...