News
Large organizations among those cleaning up the mess It's not such a happy Monday for defenders wiping the sleep from their ...
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...
Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack. The way build ...
GitHub supply chain attack GitHub Action' tj-actions/changed-files' was compromised by attackers who added a malicious commit on March 14, 2025, to dump CI/CD secrets from the Runner Worker ...
And with more than 100M developers building on GitHub, we want to ensure developers have the tools needed to help protect the integrity of their software supply chain,” Trevor Rosen, staff ...
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise - Infosecurity Magazine
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
The backers of the Open Software Supply Chain Attack Reference (OSC&R) framework for supply chain security has gone live on Github, enabling anybody to contribute to the model. The MITRE ATT&CK ...
Stacklok, the open source software supply chain company founded by Kubernetes co-creator Craig McLuckie and Sigstore creator Luke Hinds, is donating Minder, one of its key projects, to the Open ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback