A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.

Wiz, on the other hand, told The Register via email that more than 1,000 valid GitHub tokens were leaked and around 20,000 ... which would force their machines to shut down upon logging in. "The fact ...

Many top-level open source projects have been found leaking GitHub auth tokens, putting entire projects at risk of data theft and malicious code tampering. Cybersecurity researchers from Unit 42 ...

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth ...

Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week. Mintlify helps developers create ...

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams’ internal chats and other data at risk. Slack has become ...

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...