A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...

Slopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through ...

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

But this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - ...

GitHub supply chain attack GitHub Action' tj-actions/changed-files' was compromised by attackers who added a malicious commit on March 14, 2025, to dump CI/CD secrets from the Runner Worker ...

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally target ...

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.

Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue ...

Infoseccers at Google acquisition target Wiz think they've found the root cause of the GitHub supply chain attack that unfolded over the weekend, and they say that a separate attack may have been to ...

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen. GitAub Actions is a CI/CD platform that automates code testing and deployment.