Security News

By connecting powerful language models like GPT-4o and Claude Sonnet 3.5 to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks: from fixing bugs in...

But this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow -...

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back...

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise...

Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. [...]

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised...

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the...

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something...

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...]

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which...