Supply Chain Attacks Targeting GitHub Actions Increased in 2025
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains.
Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.
CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.
A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers.
Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.