The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. GitHub Actions is a CI/CD solution that makes it easy to set up periodic tasks ...
Last Friday GitHub saw a supply chain attack hidden in a popular GitHub Action. To understand this, we have to quickly cover Continuous Integration (CI) and GitHub Actions. CI essentially means ...
Threat intelligence firm Recorded Future has warned that threat actors are increasingly using GitHub services to launch covert cyber-attacks, and urged IT teams to take action. Its new report, Flying ...
GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. This is achieved by adding the new Dependency Review GitHub Action ...