News
The Register on MSN, 3d
More than a hundred backdoored malware repos traced to single GitHub user
Someone went to great lengths to prey on the next generation of cybercrooks
Sophos thinks a single person or group called ...
App development teams who use a popular utility in the GitHub Actions continuous integration ... “That means potentially thousands of open source packages have the potential to have been ...
Open source software used by more than 23,000 ... They went on to remind users they should "always review GitHub Actions or any other package that they are using in their code before they update ...
15d on MSN
My digital life and productivity hovered around subscriptions and proprietary apps for many years. From project management to note-taking, I relied on the polished interfaces and seamless integrations ...
Also, the incident highlights fundamental problems in the chain of trust between open-source repositories, as well as GitHub Action ecosystem issues like tag mutability and poor audit logging.
GitHub adds agentic capabilities to its Copilot coding assistant, competing with other more asynchronous coding platforms.
GitHub Actions are continuous integration and continuous delivery ... They were likely looking to compromise the software supply chain for other open-source libraries, binaries and artifacts created ...
A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters.
You have probably heard someone saying, “Oh smart!” before, perhaps in a meeting when a good idea or a clever solution was ...
GitHub Actions is a continuous integration and continuous delivery ... They were likely looking to compromise the software supply chain for other open source libraries, binaries, and artifacts created ...
Workflows created with GitHub Actions won't run without approval ... the GitHub Copilot extensions will now be part of the same open-source repository that drives the world's most popular ...
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally target ...