Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Hosted on MSN

Critical AWS supply chain vulnerability could have let hackers take over key GitHub repositories

Wiz discovered AWS CodeBuild misconfiguration enabling unauthorized privileged builds, dubbed “CodeBreach.” Flaw risked exposing GitHub tokens and enabling supply chain attacks across AWS projects AWS ...
TMCnet

Linux Foundation Announces $12.5 Million in Grant Funding from Leading Organizations to Advance Open Source Security

GitHub, Google, Google DeepMind, Microsoft, and OpenAI Join Forces with the Foundation to Invest in Sustainable Security Solutions for the Open Source Ecosystem SAN FRANCISCO, March 17, 2026 ...
Bleeping Computer

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by ...