GitHub supply chain attack spills secrets from 23,000 projects
StepSecurity disclosed a compromise of the popular GitHub Action tj-actions/changed-files, which works to detect file changes ...
SD Times26d
GitHub unbundling its GitHub Advanced Security offering starting in April
With these changes, any GitHub Team subscriber (starting at $4/month/user) will be able to purchase these products. “With the introduction of Secret Protection and Code Security as separate ...
Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot
Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing’s caching mechanism, the company ...
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed ...
InfoWorld11d
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
InfoWorld12d
Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.
Pulumi enhances cloud security with automated secrets rotation and new GitHub integration
Infrastructure-as-code provider Pulumi Corp. today announced four product enhancements that are designed to improve security, streamline automation and provide greater control over cloud resources.
Business Insider India2y
GitHub lays off entire India engineering team, at least 100 employees hit
Open source developer platform GitHub has laid off its entire engineering team in India, its second-largest developer community after the US, which affected at least 100 employees as part of the ...