News

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows ...
Developers can now finally integrate Windows on Arm runners into their CI workflows across all public GitHub repositories.
That commit was designed to print secrets, such as cryptographic keys, to GitHub Actions build logs where they can be read as plain text. The compromised commit contained base64-encoded ...
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally target ...
We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...