Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories
Attackers used automated commits to inject malicious GitHub Actions workflows into 5,500+ repositories, targeting CI/CD secrets and sensitive tokens.

Megalodon Campaign: 5,561 GitHub Repos Hit by Malicious Workflows
Automated Megalodon attack pushes 5,718 malicious commits to GitHub repositories to exfiltrate secrets via GitHub Actions workflows.

Grafana Breach After TanStack Attack: Token Rotation Failure
Grafana suffered a data breach due to a GitHub workflow token not rotated after the TanStack npm supply-chain attack, impacting user data. Learn the details.

OpenAI Revokes macOS App Certificate Following Supply Chain Attack
OpenAI revokes its macOS app signing certificate after a GitHub Actions workflow downloaded a malicious Axios library version during a supply chain incident.

Axios NPM Supply Chain Attack Bypasses GitHub Actions CI/CD
A sophisticated supply chain attack targeted the Axios NPM package, leveraging a compromised token to bypass GitHub Actions CI/CD and deploy malicious versions.

TeamPCP Supply Chain Attacks Target Docker Hub, PyPI, and VS Code
TeamPCP expands supply chain attack tactics from GitHub Actions to Docker Hub, PyPI, and VS Code extensions, collaborating with the Lapsus$ hacking group.

trivy-action Supply Chain Attack: Scattered Swarm Steals GitHub Secrets
Analysis of the trivy-action supply chain compromise by Scattered Swarm. Learn how GitHub runner secrets were stolen and critical mitigation steps.

Tag Poisoning Compromises Xygeni GitHub Action, C2 Implant Active
Attackers compromised the `xygeni/xygeni-action` GitHub Action using tag poisoning, deploying a C2 implant for up to a week. Users must verify integrity and review logs.