The Hacker News3d
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
CISA warns of CVE-2025-30066, a GitHub supply chain attack exposing secrets via compromised actions logs. Update ...
InfoWorld4d
Thousands of open source projects at risk from hack of GitHub Actions tool
Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the ...
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially ...
Computing5d
GitHub supply-chain attack threatens 23,000 organisations
A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.
Computing11d
GitHub-hosted malware infects a million devices
A large-scale malvertising campaign using GitHub as a primary attack vector has infected nearly one million devices worldwide ...
Supply chain attack against GitHub Action triggers massive exposure of secrets
Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in ...
TechCrunch24d
Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot
Thousands of once-public GitHub repositories from some of the world’s biggest companies are affected, including Microsoft’s, according to new findings from Lasso, an Israeli cybersecurity ...