Many enterprises use GitHub Action Secrets to store and protect sensitive information such as credentials, API keys, and tokens used in CI/CD workflows. These private repositories are widely assumed ...
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...
Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...
A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...
Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. If those logs had been public, ...
Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...
The Shai-Hulud 2.0 campaign exposed 33,185 unique secrets across 20,649 repositories scanned. Among the exposed credentials, 3,760 remained valid days after discovery. Here is why the next version ...
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Infrastructure-as-code provider Pulumi Corp. today announced four product enhancements that are designed to improve security, streamline automation and provide greater control over cloud resources.
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback