News

Security Boulevard

Shai-Hulud: A Persistent Secret Leaking Campaign

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...
CSO Online

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.
ZDNet

GitHub security alerts now support PHP projects

Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts for ...
Security Boulevard

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
TechRepublic

GitHub Universe: Open Source Trends Report and New AI Security Products

GitHub Universe: Open Source Trends Report and New AI Security Products Your email has been sent GitHub Advanced Security gains AI features, and GitHub Copilot now includes a chatbot option. GitHub ...
SecurityWeek

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.
Ars Technica

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
FedScoop

TMF Board announces $94.8M for 3 network security projects

The Technology Modernization Fund Board will invest a total of $94.8 million in three projects increasing network security for critical services at separate agencies. “This Administration is on a path ...