News

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
CSO Online12h

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
SecurityWeek11h

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
Krebs on Security1h

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with ...