Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers.

To receive alerts on GitHub Actions and vulnerabilities impacting your code, you can enable Dependabot by selecting “Enable all” under the Code security and analysis tab.