CPO Magazine13d
Compromise of Popular Tool Leads to Supply Chain Attack on Over 23,000 GitHub Repositories
A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be ...
InfoQ10d
How GitHub Leverages CodeQL for Security
GitHub’s Product Security Engineering team secures the code behind GitHub by developing tools like CodeQL to detect and fix ...
The Hacker News8d
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
CVE-2025-30066 supply chain attack compromised tj-actions on March 14, 2025, exposing 218 repositories and leaking credentials.
InfoWorld13d
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
GitHub Action supply chain attack exposed secrets in 218 repos
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it ...
InfoQ6d
GitHub Leverages AI for More Accurate Code Secret Scanning
GitHub has unveiled a groundbreaking AI-driven secret scanning feature within Copilot, enhancing password detection in code while significantly reducing false positives. By leveraging advanced context ...
SecurityWeek9d
Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
Coinbase originally targeted during GitHub Action supply chain attack
Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for ...