Researchers claim primary target of a recent cascading supply chain attack was Coinbase The cryptocurrency exchange was not compromised, but hundreds of other projects might suffer The attack went ...

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than ...

The threat actors in the GitHub Action supply chain attack were targeting Coinbase as part of their initial wave, according to a report from Palo Alto Networks Unit 42. Researchers from Wiz ...

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. As previously ...

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...

The stolen funds were swiftly moved across multiple blockchains, significantly complicating efforts to trace and recover them.

"The attacker obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two hours before the larger attack was initiated against tj ...