Security News

SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories
2025-04-23 05:30

By connecting powerful language models like GPT-4o and Claude Sonnet 3.5 to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks: from fixing bugs in...

That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
2025-04-07 20:11

But this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow -...

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
2025-04-04 12:28

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back...

Recent GitHub supply chain attack traced to leaked SpotBugs token
2025-04-03 14:46

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise...

GitHub expands security tools after 39 million secrets leaked in 2024
2025-04-02 18:24

Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. [...]

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
2025-04-02 05:55

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised...

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
2025-03-24 11:35

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the...

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
2025-03-23 05:26

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something...

Coinbase was primary target of recent GitHub Actions breaches
2025-03-21 23:35

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...]

Critical GitHub Attack
2025-03-20 15:14

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which...