News

Bleeping Computer5mon

Coinbase was primary target of recent GitHub Actions breaches

Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. As previously reported, ...
InfoWorld6mon

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
Bleeping Computer5mon

Enhancing your DevSecOps with Wazuh, the open source XDR platform

DevSecOps, short for Development, Security, and Operations, is a methodology that integrates security practices into software Development Operations (DevOps). It emphasizes that security should be a ...
Hackaday5mon

This Week In Security: The Github Supply Chain Attack, Ransomware Decryption, And Paragon

Last Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially means ...
Ars Technica1mon

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
CSOonline6mon

GitHub accounts targeted with fake security alerts

In a new phishing campaign, GitHub developers are being targeted with fake “Security Alerts” where they are prompted to authorize a malicious OAuth application. Successful execution of the Click-fix ...