Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. [...]
Meanwhile the victim count grows The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March.…
Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs)
Kremlin-aligned gang used Cloudflare and GitHub resources, and they didn't like that one bit Cloudflare's threat intel team claims to have thwarted a month-long phishing and espionage attack targeting Ukraine which it has attributed to Russia-aligned gang FlyingYeti.…