Security Boulevard

The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated ...
Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...

Salesloft says Drift customer data thefts linked to March GitHub account hack

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the ...
TechCrunch

Microsoft AI researchers accidentally exposed terabytes of internal sensitive data

Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. In ...