Security News > 2025 > April > Recent GitHub supply chain attack traced to leaked SpotBugs token
2025-04-03 14:46
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. [...]
News URL
Related news
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks? (source)
- GitHub expands security tools after 39 million secrets leaked in 2024 (source)
- Cookie-Bite attack PoC uses Chrome extension to steal session tokens (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Hackers ramp up scans for leaked Git tokens and secrets (source)