Showing 0 Items
GitGuardian researchers discover massive supply chain attack affecting 817 repositories across 327 GitHub users. Malicious workflows exfiltrated 3,325 secrets including PyPI, npm, and DockerHub tokens through compromised developer accounts.
We’re excited to announce the release of our NPM Package Cooldown Check, which helps teams block newly released, potentially compromised dependencies, while still allowing emergency fixes and integrating seamlessly into GitHub workflows
Microsoft Defender was unexpectedly installed on multiple workflow runs from mid-July through mid-August, causing abnormal network traffic. StepSecurity Harden Runner detected this infrastructure anomaly within hours, and GitHub Support has since resolved the issue
s1ngularity attack hijacked Nx package on npm to steal cryptocurrency wallets, GitHub/npm tokens, SSH keys, and environment secrets - the first documented case of malware weaponizing AI CLI tools for reconnaissance and data exfiltration.
How an AWS release rollback triggered the same red flags as a supply chain attack — and why treating every tag movement as suspicious is key to protecting your CI/CD pipelines
We reveal how baseline-driven monitoring caught one of 2025's most consequential CI/CD supply chain attacks, exposing the vulnerability of 23,000+ repositories including those from GitHub, Meta, and Microsoft.
Explore how to use GitHub Actions secrets securely by restricting organizational secrets, using secrets exclusively for sensitive data, and implementing least privileged access.
How threat actors exploited AWS CodeBuild pipelines by stealing secrets from CI/CD memory—and the proactive defenses organizations can deploy to detect, respond to, and prevent such attacks.
