- GitHub has announced a major security-focused overhaul of npm with the upcoming release of npm v12, introducing stricter default controls designed to mitigate software supply chain attacks and prevent unauthorized code execution during package installa…
- A sustained phishing campaign is leveraging developer recruitment and code-review lures to deliver cross-platform malware via attacker-controlled GitHub repositories. Tracked as UNK_DeadDrop and attributed with high confidence to a North Korea-aligned…
- Anthropic’s Claude Code GitHub Action could unintentionally expose CI/CD workflow secrets when AI agents process untrusted GitHub content. The risk arises because certain tools the agent uses to read files were not sandboxed like subprocess execution p…
- 32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in a supply chain attack.
- Analysis has revealed that 38% of organizations are running GitHub Actions workflows vulnerable to script injection or unsafe trigger configurations, highlighting a growing risk in modern software supply chains. GitHub plays a central role in developme…
- A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code …
- A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitHub token. Identified by OX Security researchers, the package, named mouse5212-super-formatter, …
- GitHub has released Enterprise Server (GHES) version 3.20.3, addressing multiple critical and high-severity vulnerabilities that could allow attackers to access internal services, escalate privileges, and extract sensitive data. The update, published o…
- GitHub has introduced a major security enhancement to the npm ecosystem with the general availability of staged publishing and new install-time controls in npm CLI version 11.15.0. These updates are designed to reduce software supply chain risks, parti…
- Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.
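The GitHub Actions item above names two weak configurations: script injection, where a `${{ }}` reference to attacker-controlled event data (pull request title, branch name, commit message) is spliced into a `run:` script before the shell executes it, and an unsafe trigger, where a `pull_request_target` workflow (which runs with the base repository's secrets) checks out the pull request head. The following Python checker is an added example, not code from the cited analysis or from GitHub, that scans a workflow file for both patterns; the two embedded workflow texts are constructed for illustration, and the list of untrusted fields and the line-oriented YAML handling are this example's own simplifications (a production scan should use a real YAML parser and GitHub's full list of untrusted contexts).

```python
"""Flag two GitHub Actions anti-patterns: untrusted event data interpolated into
run: scripts (script injection) and pull_request_target workflows that check out
the PR head (unsafe trigger). Line-oriented so it needs no YAML library."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Event fields an outside contributor controls. This list is an illustrative
# subset, not GitHub's complete set of untrusted contexts.
UNTRUSTED = re.compile(
    r"github\.head_ref\b"
    r"|github\.event\.(?:issue|pull_request|discussion)\.(?:title|body)\b"
    r"|github\.event\.(?:comment|review|review_comment)\.body\b"
    r"|github\.event\.pull_request\.head\.(?:ref|label)\b"
    r"|github\.event\.head_commit\.(?:message|author\.(?:name|email))\b"
    r"|github\.event\.commits\[[^\]]*\]\.(?:message|author\.(?:name|email))\b"
)
EXPR = re.compile(r"\$\{\{.*?\}\}")
PR_HEAD = re.compile(r"pull_request\.head\.(?:sha|ref)\b|github\.head_ref\b")
PRT_TRIGGER = re.compile(
    r"^\s*(?:-\s*)?pull_request_target\s*:?\s*$"                            # block form
    r"|^on:\s*(?:\[.*\bpull_request_target\b.*\]|pull_request_target)\s*$"  # inline form
)


@dataclass(frozen=True)
class Finding:
    line: int    # 1-based line number in the workflow file
    rule: str    # "script-injection" or "unsafe-trigger"
    detail: str


def _strip_comment(line: str) -> str:
    # A '#' at line start or after whitespace opens a YAML comment.
    return re.sub(r"(?:^|\s)#.*$", "", line).rstrip()


def scan_workflow(text: str) -> list[Finding]:
    lines = [_strip_comment(l) for l in text.splitlines()]
    uses_prt = any(PRT_TRIGGER.match(l) for l in lines)
    findings: list[Finding] = []
    run_col = None       # column of a `run:` key whose block scalar we are inside
    checkout_col = None  # column of a `uses: actions/checkout` key; its `with:` may follow
    for no, line in enumerate(lines, 1):
        if not line.strip():
            continue                        # blank lines do not end a block scalar
        indent = len(line) - len(line.lstrip(" "))
        if run_col is not None and indent <= run_col:
            run_col = None                  # back at the key's level: scalar ended
        if checkout_col is not None and indent < checkout_col:
            checkout_col = None             # next step started
        run = re.match(r"^\s*(?:-\s+)?run:\s*(.*)$", line)
        if run and run.group(1).rstrip("+-") in ("|", ">"):
            run_col = line.index("run:")    # multi-line script follows
            continue
        fragment = run.group(1) if run else (line if run_col is not None else "")
        for m in EXPR.finditer(fragment):
            if UNTRUSTED.search(m.group(0)):
                findings.append(Finding(no, "script-injection",
                                        "untrusted expression in run: " + m.group(0)))
        if re.match(r"^\s*(?:-\s+)?uses:\s*actions/checkout\b", line):
            checkout_col = line.index("uses:")
        elif (checkout_col is not None and uses_prt
              and re.match(r"^\s*ref:\s*", line) and PR_HEAD.search(line)):
            findings.append(Finding(no, "unsafe-trigger",
                                    "pull_request_target checks out PR head: " + line.strip()))
    return findings


# Constructed sample: both anti-patterns in one workflow.
VULNERABLE = """\
name: triage
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Announce
        run: echo "Checking ${{ github.event.pull_request.title }}"
      - name: Build
        run: |
          npm ci
          npm test -- --grep "${{ github.head_ref }}"
"""

# Constructed sample: same job, event data passed through env vars and the
# checkout left on the base branch, so nothing untrusted reaches the shell text.
HARDENED = """\
name: triage
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # default ref: the base branch, not the PR head
      - name: Announce
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Checking $PR_TITLE"
      - name: Build
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          npm ci
          npm test -- --grep "$HEAD_REF"
"""
```

Running `scan_workflow(VULNERABLE)` reports the `ref:` line as an unsafe trigger and both `run:` expressions as script injection; `scan_workflow(HARDENED)` reports nothing, because an `env:` value is delivered to the script as an environment variable rather than being pasted into its text, and the checkout no longer executes the contributor's tree under the base repository's permissions.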


