It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the ...

Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...

PRT-scan is the second campaign in recent months where a threat actor has leveraged AI for automated targeting of a ...

GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by ...