Infosecurity Magazine3d
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise
The threat actors initially attempted to compromise projects associated with the Coinbase cryptocurrency exchange, said Palo ...
InfoWorld22d
Thousands of open source projects at risk from hack of GitHub Actions tool
App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
Recent GitHub supply chain attack traced to leaked SpotBugs token
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen ...
SecurityWeek3d
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Bleeping Computer21d
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD ...
Developer Tech3d
GitHub boosts Copilot with agents, new models, and MCP support
GitHub is enhancing its AI-powered coding assistant, Copilot, to make it more autonomous and integrated with developers' ...
Cryptopolitan on MSN15d
Coinbase fends off targeted GitHub Action attack in early-stage breach attempt
According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase ...
GitHub Copilot introduces new limits, charges for ‘premium’ AI models
GitHub Copilot, Microsoft-owned GitHub's AI coding assistant, could soon become costlier for some users, thanks to new limits ...