GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
adtmag.com

Ionic Partners with AWS for Mobile Back-End Starter Project on GitHub

Ionic is known for its open source framework and associated development tools that can create native mobile apps with one codebase based on AngularJS, Apache Cordova and JavaScript/CSS Web ...
InfoQ

AWS Lambda Adds Support for GitHub Actions

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Senyo Simpson discusses how Rust's core ...
SecurityWeek

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of secrets.

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

"After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source ...
SiliconANGLE

AWS open-sources SaaS Boost to speed up cloud application projects

Amazon Web Services Inc. has open-sourced an internally-developed toolkit called SaaS Boost in a bid to help companies build software-as-a-service applications on its cloud platform faster. AWS ...