News
1don MSN
GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign
Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Hundreds of GitHub users and repositories have been hit by another supply chain attack, in which threat actors have already ...
Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account ...
Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.
The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...
At its Satellite conference in Berlin today, GitHub — the code hosting platform Microsoft acquired for $7.5 billion in stock last year — unveiled improvements it says are intended to make software ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback