CSO Online

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
Krebs on Security

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public ...
Tech Times

Lawmakers Demand Answers as CISA Scrambles to Contain Catastrophic GitHub Credential Leak

CISA GitHub credential leak exposed AWS GovCloud admin keys, plaintext passwords, and an RSA private key for six months via a ...

Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

A malware-spreading scumbag swimming through GitHub pushed malicious commits to more than 5,500 repositories on Monday as ...
The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.
Bleeping Computer

GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe ...