News

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
PC World9y

Developers leak Slack access tokens on GitHub, putting sensitive ...

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams' internal chats and other data at risk.
The Hacker News9d

Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.
CSOonline1y

Major GitHub repos leak access tokens putting code and clouds at risk

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure.
Bleeping Computer4y

GitHub now supports security keys when using Git over SSH

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.
InfoWorld5mon

GitHub suffers a cascading supply chain attack compromising CI/CD ...

Widening impact assessment The tj-actions developers had previously reported they could not determine exactly how attackers gained access to their GitHub personal access token.
InfoQ4y

GitHub Changes Token Format to Improve Identifiability, Secret Scanning ...

GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey ...