Hackaday1d
This Week In Security: Target Coinbase, Leaking Call Records, And Microsoft Hotpatching
We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...
The Hacker News1d
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.
SecurityWeek1d
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
InfoWorld2d
GitHub upgrades tooling to help developers stop leaking secrets
Developers get free and targeted advanced secret scanning features on GitHub to protect organizations from exposed secrets.
Recent GitHub supply chain attack traced to leaked SpotBugs token
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...
SecurityWeek2d
39 Million Secrets Leaked on GitHub in 2024
GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
GitHub expands security tools after 39 million secrets leaked in 2024
Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations ...