InfoWorld8d
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
CSO Online10d
GitHub accounts targeted with fake security alerts
In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to ...
InfoWorld9d
Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.
Infosecurity-magazine.com23d
North Korean Fake IT Workers Leverage GitHub to Build Jobseeker Personas
These findings come a few weeks after reports of North Korean hackers stealing GitHub profiles to create fake IT worker personas in a new malware campaign targeting freelance developers with deceptive ...