Repositories

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed

Mar 23, 2025 by iHash Leave a Comment

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for … [Read more...] about Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed

Malicious code in fake GitHub repositories

Feb 25, 2025 by iHash Leave a Comment

Can you imagine a world where, every time you wanted to go somewhere, you had to reinvent the wheel and build a bicycle from scratch? We can’t either. Why reinvent something that already exists and works perfectly well? The same logic applies to programming: developers face routine tasks every day, and instead of inventing their own wheels and bicycles (which might even be not … [Read more...] about Malicious code in fake GitHub repositories

GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks

Jul 15, 2024 by iHash Leave a Comment

Jul 15, 2024NewsroomSupply Chain Attack / Cyber Threat Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the … [Read more...] about GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

Sep 12, 2023 by iHash Leave a Comment

Sep 12, 2023THNSoftware Security / Vulnerability A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a … [Read more...] about Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

Hackers Breach Okta’s GitHub Repositories, Steal Source Code

Dec 22, 2022 by iHash Leave a Comment

Dec 22, 2022Ravie LakshmananSoftware Security / Data Breach Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers," the company said in a public … [Read more...] about Hackers Breach Okta’s GitHub Repositories, Steal Source Code

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

Dec 13, 2022 by iHash Leave a Comment

Dec 13, 2022Ravie Lakshmanan An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, … [Read more...] about Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54