GitHub supply chain attack spills secrets from 23,000 projects
StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...
CPO Magazine14d
Nearly 12,000 Live API Keys for AWS, MailChimp, and WalkScore Found in AI Training Dataset
Nearly 12,000 live API keys were found in an AI training dataset used by various models such as OpenAI and DeepSeek, exposing services like AWS, MailChimp, and Slack to exploitation.
GovInfoSecurity10d
Supply Chain Attack Targets GitHub Repositories and Secrets
Attackers subverted a widely used tool for software development environment GitHub, potentially allowing them to steal ...
InfoWorld8d
Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.
GovInfoSecurity9d
Second GitHub Actions Supply Chain Attack Discovered
Just days after researchers discovered an attack that subverted a widely used tool for software development platform GitHub, they discovered a second, prior attack, ...