News

GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their ...
GitHub Action 'tj-actions/changed-files' was compromised by attackers who added a malicious commit on March 14, 2025, to dump CI/CD secrets from the Runner Worker process to the repository.
But this mystery isn't over yet, Unit 42 opines. That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - ...
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj ...
We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the ...
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally target ...
Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.
GitHub Copilot, Microsoft-owned GitHub's AI coding assistant, could soon become costlier for some users, thanks to new limits ...
Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...
GitHub is enhancing its AI-powered coding assistant, Copilot, to make it more autonomous and integrated with developers' ...