News
6don MSN
GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign
Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
The leaked token, accidentally embedded by the company’s employee in a public repository, might have provided an attacker with unrestricted access to the company’s GitHub Enterprise server. Thus, ...
Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
It has been discovered that GitHub authentication tokens have been leaked from several well-known open source projects on GitHub, including those from Google, Microsoft, Amazon Web Services (AWS), and ...
On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
A recent data breach has rocked Mintlify, a documentation startup, as it discloses that numerous customers' GitHub tokens were compromised. This breach, revealed last week, has sparked concerns within ...
At its Satellite conference in Berlin today, GitHub — the code hosting platform Microsoft acquired for $7.5 billion in stock last year — unveiled improvements it says are intended to make software ...
Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback