Skip to main content
← All Articles

Tag

#GitHub

33 articles

Advertisement

Cordyceps CI/CD Flaws: Supply Chain Attacks on GitHub Repositories
CRITICAL
Supply Chain

Cordyceps CI/CD Flaws: Supply Chain Attacks on GitHub Repositories

Novee Security uncovered Cordyceps, a critical CI/CD workflow flaw exposing over 300 GitHub repositories to supply chain compromise, affecting major organizations.

Runtime Rebel Intel
4 min read·Jun 24, 2026
Novo Nordisk Breach: Securing Secrets in GitHub Development Pipelines
HIGH
Supply Chain

Novo Nordisk Breach: Securing Secrets in GitHub Development Pipelines

Analysis of the Novo Nordisk GitHub token leak and why secrets management must transition from static tools to identity-based security frameworks.

Runtime Rebel Intel
3 min read·Jun 19, 2026
MA
HIGH
Malware

Miasma Worm Source Code Briefly Leaked on GitHub

Analysis of the Miasma worm source code leak on GitHub, a credential-stealing framework targeting open-source ecosystems via supply-chain attacks. Understand

Runtime Rebel Intel
4 min read·Jun 10, 2026
Miasma Compromises 73 Microsoft GitHub Repos: Incident Analysis
CRITICAL
Supply Chain

Miasma Compromises 73 Microsoft GitHub Repos: Incident Analysis

Microsoft restores some GitHub repositories after 73 projects were hit by Miasma's supply chain attack to inject information stealers. Learn detection steps.

Runtime Rebel Intel
4 min read·Jun 9, 2026
VU
HIGH
Vulnerabilities

VS Code One-Click GitHub Token Theft via URI Handler Exploitation

A flaw in Visual Studio Code allows attackers to steal GitHub authentication tokens with a single click. Learn the technical details and mitigation steps.

Runtime Rebel Intel
4 min read·Jun 4, 2026
Megalodon Malware: GitHub Repo Compromise & Secret Theft
HIGH
Supply Chain

Megalodon Malware: GitHub Repo Compromise & Secret Theft

Analysis of the Megalodon malware campaign, which compromised over 5,500 GitHub repositories in six hours to steal developer credentials and sensitive secrets. Learn how

Runtime Rebel Intel
4 min read·May 26, 2026
SU
CRITICAL
Supply Chain

TeamPCP Supply Chain Attack Targets Microsoft SDKs and GitHub

TeamPCP expands its supply chain campaign to trojanize official Microsoft Python SDKs and infiltrate GitHub, requiring immediate dependency audits.

Runtime Rebel Intel
3 min read·May 25, 2026
SU
HIGH
Supply Chain

Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories

Attackers used automated commits to inject malicious GitHub Actions workflows into 5,500+ repositories, targeting CI/CD secrets and sensitive tokens.

Runtime Rebel Intel
3 min read·May 25, 2026
Packagist Supply Chain Attack: 8 Packages Deliver Linux Malware
HIGH
Supply Chain

Packagist Supply Chain Attack: 8 Packages Deliver Linux Malware

Security researchers identified a supply chain attack on Packagist involving eight infected packages that deploy Linux malware via GitHub Releases URLs.

Runtime Rebel Intel
3 min read·May 23, 2026
npm Staged Publishing: New 2FA Controls Prevent Supply Chain Attacks
MEDIUM
Supply Chain

npm Staged Publishing: New 2FA Controls Prevent Supply Chain Attacks

GitHub introduces staged publishing for npm, requiring manual 2FA approval for package releases to mitigate malicious automated updates and account takeovers.

Runtime Rebel Intel
3 min read·May 23, 2026
CL
CRITICAL
Cloud Security

CISA Contractor Leaks AWS GovCloud Credentials via GitHub Repository

A significant security leak involving a CISA contractor has exposed privileged AWS GovCloud credentials and internal software deployment processes on GitHub.

Runtime Rebel Intel
4 min read·May 23, 2026
DA
CRITICAL
Data Breach

CISA Data Leak: AWS GovCloud Keys Exposed via Public GitHub Repo

Lawmakers demand answers from CISA after a contractor leaked AWS GovCloud keys and internal secrets on GitHub, prompting urgent credential rotation.

Runtime Rebel Intel
4 min read·May 22, 2026