News

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
TechJuice

Massive npm Supply-Chain Attack: Shai-Hulud Worm Infects Over 180 Packages

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...
adtmag.com

Ionic Partners with AWS for Mobile Back-End Starter Project on GitHub

Ionic is known for its open source framework and associated development tools that can create native mobile apps with one codebase based on AngularJS, Apache Cordova and JavaScript/CSS Web ...
InfoQ

AWS Lambda Adds Support for GitHub Actions

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Senyo Simpson discusses how Rust's core ...
SecurityWeek

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.