Advertisement
Megalodon Malware: GitHub Repo Compromise & Secret Theft
Analysis of the Megalodon malware campaign, which compromised over 5,500 GitHub repositories in six hours to steal developer credentials and sensitive secrets. Learn how
TeamPCP Supply Chain Attack Targets Microsoft SDKs and GitHub
TeamPCP expands its supply chain campaign to trojanize official Microsoft Python SDKs and infiltrate GitHub, requiring immediate dependency audits.
Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories
Attackers used automated commits to inject malicious GitHub Actions workflows into 5,500+ repositories, targeting CI/CD secrets and sensitive tokens.
Packagist Supply Chain Attack: 8 Packages Deliver Linux Malware
Security researchers identified a supply chain attack on Packagist involving eight infected packages that deploy Linux malware via GitHub Releases URLs.
npm Staged Publishing: New 2FA Controls Prevent Supply Chain Attacks
GitHub introduces staged publishing for npm, requiring manual 2FA approval for package releases to mitigate malicious automated updates and account takeovers.
CISA Contractor Leaks AWS GovCloud Credentials via GitHub Repository
A significant security leak involving a CISA contractor has exposed privileged AWS GovCloud credentials and internal software deployment processes on GitHub.
CISA Data Leak: AWS GovCloud Keys Exposed via Public GitHub Repo
Lawmakers demand answers from CISA after a contractor leaked AWS GovCloud keys and internal secrets on GitHub, prompting urgent credential rotation.
GitHub Data Breach: Analysis of TeamPCP Internal Repository Theft
GitHub confirms the theft of 4,000 internal repositories by threat actor TeamPCP. Learn the technical implications and defense strategies for security teams.
GitHub Repository Breach Linked to TanStack Supply Chain Attack
GitHub confirms the breach of 3,800 internal repositories via a compromised VS Code extension linked to the TanStack npm supply chain attack.
GitHub Internal Repositories Breached via Nx Console VS Code Extension
GitHub confirms internal repository breach after an employee device was compromised by a poisoned Nx Console VS Code extension in a supply chain attack.
GitHub Repository Breach: 3,800 Repos Accessed via VS Code Extension
GitHub confirms a security incident where a malicious VS Code extension compromised an employee account, leading to the unauthorized access of 3,800 repos.
GitHub Investigates Claimed TeamPCP Breach of 4,000 Internal Repos
GitHub is investigating a potential breach of 4,000 internal repositories claimed by TeamPCP, highlighting the risk of source code leaks for enterprises.