News
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...
The Register on MSN10d
That massive GitHub supply chain attack? It all started with a stolen SpotBugs tokenBut this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - ...
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.
Infoseccers at Google acquisition target Wiz think they've found the root cause of the GitHub supply chain attack that unfolded over the weekend, and they say that a separate attack may have been to ...
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally target ...
Slopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through ...
Subsequent investigation showed that the attack was likely made possible via another supply chain attack targeting the "reviewdog/action-setup@v1" GitHub Action. That breach may have compromised a ...
We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback