News

CSO Online13d
GitHub Actions attack renders even security-aware orgs vulnerable
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by ...
CSO Online10d
GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
The Hacker News10d
200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious ...
InfoWorld3mon
Thousands of open source projects at risk from hack of GitHub Actions tool - InfoWorld
Normally this tool helps developers detect file changes in a repository, but a GitHub advisory says the change executes a malicious Python script that allows remote attackers to discover secrets ...
Bleeping Computer10mon
GitHub Actions artifacts found leaking auth tokens in popular projects - BleepingComputer
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...