Advertisement

Cordyceps CI/CD Flaws: Supply Chain Attacks on GitHub Repositories
Novee Security uncovered Cordyceps, a critical CI/CD workflow flaw exposing over 300 GitHub repositories to supply chain compromise, affecting major organizations.

Novo Nordisk Breach: Securing Secrets in GitHub Development Pipelines
Analysis of the Novo Nordisk GitHub token leak and why secrets management must transition from static tools to identity-based security frameworks.
Miasma Worm Source Code Briefly Leaked on GitHub
Analysis of the Miasma worm source code leak on GitHub, a credential-stealing framework targeting open-source ecosystems via supply-chain attacks. Understand

Miasma Compromises 73 Microsoft GitHub Repos: Incident Analysis
Microsoft restores some GitHub repositories after 73 projects were hit by Miasma's supply chain attack to inject information stealers. Learn detection steps.
VS Code One-Click GitHub Token Theft via URI Handler Exploitation
A flaw in Visual Studio Code allows attackers to steal GitHub authentication tokens with a single click. Learn the technical details and mitigation steps.

Megalodon Malware: GitHub Repo Compromise & Secret Theft
Analysis of the Megalodon malware campaign, which compromised over 5,500 GitHub repositories in six hours to steal developer credentials and sensitive secrets. Learn how
TeamPCP Supply Chain Attack Targets Microsoft SDKs and GitHub
TeamPCP expands its supply chain campaign to trojanize official Microsoft Python SDKs and infiltrate GitHub, requiring immediate dependency audits.
Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories
Attackers used automated commits to inject malicious GitHub Actions workflows into 5,500+ repositories, targeting CI/CD secrets and sensitive tokens.

Packagist Supply Chain Attack: 8 Packages Deliver Linux Malware
Security researchers identified a supply chain attack on Packagist involving eight infected packages that deploy Linux malware via GitHub Releases URLs.

npm Staged Publishing: New 2FA Controls Prevent Supply Chain Attacks
GitHub introduces staged publishing for npm, requiring manual 2FA approval for package releases to mitigate malicious automated updates and account takeovers.
CISA Contractor Leaks AWS GovCloud Credentials via GitHub Repository
A significant security leak involving a CISA contractor has exposed privileged AWS GovCloud credentials and internal software deployment processes on GitHub.
CISA Data Leak: AWS GovCloud Keys Exposed via Public GitHub Repo
Lawmakers demand answers from CISA after a contractor leaked AWS GovCloud keys and internal secrets on GitHub, prompting urgent credential rotation.