Bleeping Computer

GitHub Action hack likely led to another in cascading supply chain attack

To prevent similar compromises in the future, pin GitHub Actions to commit hashes instead of version tags and use GitHub's allow-listing feature to restrict unauthorized actions. Those supply chain ...
Dark Reading

GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up

GitHub this week committed to a more secure NPM supply chain in the wake of a handful of attacks causing widespread compromise. On Sept. 22, GitHub senior director of security research Xavier ...