News

GitHub supply chain attack sees thousands of tokens and secrets stolen in GhostAction campaign

Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack ...

Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...
Infosecurity Magazine10h

Salesloft: GitHub Account Breach Was Ground Zero in Drift Campaign

Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account ...
SecurityWeek1d

Salesloft GitHub Account Compromised Months Before Salesforce Attack

Threat actors had access to Salesloft’s GitHub account between March and June 2025 and performed reconnaissance.

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in ...
SecurityWeek1d

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

A supply chain attack involving malicious GitHub Action workflows has impacted hundreds of repositories and thousands of ...
The Register on MSN23h

Drift massive attack traced back to loose Salesloft GitHub account

Meanwhile the victim count grows The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo ...
IT News For Australia Business11y

AWS urges developers to scrub GitHub of secret keys

Amazon Web Services (AWS) is urging developers using the code sharing site GitHub to check their posts to ensure they haven't inadvertently exposed their log-in credentials. Thousands of ‘secret ...