Hosted on MSN

Coinbase fends off targeted GitHub Action attack in early-stage breach attempt

Security experts claim that the publicly listed exchange Coinbase was the primary target in the GitHub Action supply chain attack. According to the cybersecurity firms analyzing the incident, the ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
Bleeping Computer

GitHub Action supply chain attack exposed secrets in 218 repos

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...