Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...

Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts for ...

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands Even top-tier security projects like ...

The Technology Modernization Fund Board will invest a total of $94.8 million in three projects increasing network security for critical services at separate agencies. “This Administration is on a path ...

Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks ...

Code hosting service GitHub has updated its platform this week, and among the many developer-centric changes, the company also rolled out three new security features for project owners. The most ...