News

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
Security Boulevard9d

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...
ZDNet6y

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...
Visual Studio Magazine12mon

Another Report Weighs In on GitHub Copilot Dev Productivity:

Is the original "AI pair programmer" helping developers be more productive? Several reports seeking to measure the impact of GitHub Copilot -- including one from GitHub itself -- have weighed in on ...
Krebs on Security4mon

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, was the first to publicize the leak of credentials for an x.ai application programming interface (API) exposed in the ...
Bleeping Computer3y

GitHub: How stolen OAuth tokens helped breach dozens of orgs

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth ...