InfoWorld12h
GitHub suffers a cascading supply chain attack compromising CI/CD secrets
CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.
InfoWorld6d
GitHub to unbundle Advanced Security
GitHub Secret Protection and GitHub Code Security will extend access to advanced code and secret scanning to organizations of ...
GitHub for Beginners: The Ultimate Guide to Repositories and Branches
Learn GitHub basics with this beginner's guide! Master repositories, branches, commits, and pull requests to streamline your ...
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed ...
The Hacker News1d
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent ...
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking ...
CPO Magazine12h
Compromise of Popular Tool Leads to Supply Chain Attack on Over 23,000 GitHub Repositories
A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be ...
The Hacker News17h
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
CISA warns of CVE-2025-30066, a GitHub supply chain attack exposing secrets via compromised actions logs. Update ...
What is Gemini Code Assist? Everything we know about the AI coding tool
Gemini Code Assist is an AI coding assistant developed by Google and powered by the Gemini 2.0 model. It provides real-time ...
Anthropic-backed AI-powered code review platform Graphite raises cash
AI coding assistants are becoming wildly popular, with the vast majority of respondents in GitHub’s latest poll saying that ...
Attack via GitHub action tool spied out secrets and stored them in log file
The open source tool tjactions/changed-files searched for sensitive information in the CI process with GitHub Actions and ...