News

Security Boulevard7d

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
Arabian Post on MSN4d

Cyber-Attack Campaign GhostAction Targets GitHub Workflows

This breach exposed a critical weakness in the current CI/CD security model: the assumption that automated workflows are inherently benign. The GhostAction supply chain campaign underscores how ...
heise online3mon

Attack via GitHub MCP server: Access to private data

A blog post by AI security company Invariant Labs shows that the official GitHub MCP server (Model Context Protocol) can invite prompt injection attacks. In a proof of concept, an attacker used a ...
The Register on MSN10mon

Python dethrones JavaScript as the most-used language on GitHub

Yearly report finds explosion of GenAI projects, new users from outside the coding community responsible for boost There's been an upset in the Octoverse, as Python has unseated JavaScript as the most ...
TechSpot1mon

Microsoft absorbs GitHub into CoreAI division as CEO plans exit

What just happened? Microsoft's integration of GitHub into its CoreAI division signals a bold AI-driven shift in software development. While GitHub Copilot's growth highlights this potential, some in ...