Security News

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
2025-04-04 12:28

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back...

Recent GitHub supply chain attack traced to leaked SpotBugs token
2025-04-03 14:46

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise...

GitHub expands security tools after 39 million secrets leaked in 2024
2025-04-02 18:24

Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. [...]

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
2025-04-02 05:55

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised...

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
2025-03-24 11:35

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the...

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
2025-03-23 05:26

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something...

Coinbase was primary target of recent GitHub Actions breaches
2025-03-21 23:35

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...]

Critical GitHub Attack
2025-03-20 15:14

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which...

GitHub Action supply chain attack exposed secrets in 218 repos
2025-03-20 14:34

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to...

CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
2025-03-19 05:05

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known...